URGENT: Bug on MYSQL LOAD LOCAL DATA

Hello,

One of our customer has been loaded an exploit script which can read file contents using mysql backend. It called MYSQL LOAD LOCAL DATA.

He wrote for example

exploit.php?action=mysqlread&file=/home/httpd/vhosts/site.com/httpdocs/index.php

And then all file contents displayed on the screen. This exploit using mySQL.

Could someone help me for solve this security bug?

Thank you.

 

 

 

 

Top