front page
2- [User] can copy a file to hosting controller web directory which is executed under administrative privilege, so attacker can execute his commands by administrative privilege. e.g. an attacker can gain remote desktop of server using this bug and uploading an ASP file!
3- [Remote Attacker] can make a new user.
4- [Remote Attacker] can change all user's profiles.
5- [User] can see all the database information by a SQL injection.
6- [User] can change his credit amount or increase his discount.
7- [User] can uninstall other's FrontPage extensions.
8- [User] can delete all of gateway information.
9- [User] can enable or disable pay type.
10- [[User] can see all usernames in the server by "fp2000/NEWSRVR.asp".
11- [User] can find Hosting Controller setup directory.
12- [User] can import unwanted plan or change the plans.
I would guess someone is trying to hide a phishing page in a frontpage looking folder rather than it actually being a frontpage issue.
I understand that this is a vain hope that bugtraq will start posting something useful.
Author:Michael Brooks (Rook)<br>
Application:OpenClassifieds 1.7.0.3<br>
download: http://open-classifieds.com/download/<br>
Exploit chain:captcha bypass->sqli(insert)->persistant xss on front page<br>
If registration is required an extra link in the chain is added:<br>
Exploit chain:blind sqli(select)->captcha bypass->sqli(insert)->persistant xss on front page<br>
sites with SEO url's enabled:<br>
"powered by Open Classifieds" inurl:"publish-a-new-ad.htm" (85,000 results)<br>
or default urls:<br>
// Unescape and strip $base_path prefix, leaving q without a leading slash.
$path = substr(urldecode($request_path), $base_path_len + 1);
// If the path equals the script filename, either because 'index.php' was
// explicitly provided in the URL, or because the server added it to
// $_SERVER['REQUEST_URI'] even when it wasn't provided in the URL (some
// versions of Microsoft IIS do this), the front page should be served.
if ($path == basename($_SERVER['PHP_SELF'])) {
$path = '';
}
}
else {
----------------------
* Signed Code
All iKAT tools, VBScripts, ActiveXs, ClickOnce, SilverLight apps are
now signed by a trusted CA!
Four months ago i placed a "Donate Now" button on the front page of
iKAT, hoping to raise money for a code signing certificate
Sadly only two people donated cash (Enrique Exposito Martinez and
Gerald Fehringer, you guys rock)
Luckily a Kiosk vendor was willing to come to the party and donate
the remaining cash, so iKAT can get signed.
// Unescape and strip $base_path prefix, leaving q without a leading slash.
$path = substr(urldecode($request_path), $base_path_len + 1);
// If the path equals the script filename, either because 'index.php' was
// explicitly provided in the URL, or because the server added it to
// $_SERVER['REQUEST_URI'] even when it wasn't provided in the URL (some
// versions of Microsoft IIS do this), the front page should be served.
if ($path == basename($_SERVER['PHP_SELF'])) {
$path = '';
}
}
else {
I can’t find hardly any information about this post but this is exactly what happened after I installed service pack 3
What is funny about this error (Pages with customized data view web parts or data view web parts linked to lists on other sites are not accessible. Error message either "access denied" or "Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as FrontPage. If the problem persists, contact your Web server administrator.") it only happen when someone access my site from the outside world as long as you access the site entirely you don’t see this error.
I also have a problem with user from my intranet not being able to login at all
If I find a fix ill post it good luck
Two serious functionality issues after installing this service pack. See following thread for details...
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2173615&SiteID=1
in brief
i) Pages with customized data view web parts or data view web parts linked to lists on other sites are not accesible. Error message either "access denied" or "Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as FrontPage. If the problem persists, contact your Web server administrator."
ii) No user can use the Edit in Datasheet view feature on lists. (Possible ok for admins). When the 'Edit in Datasheet View' button is clicked the Datasheet control appears to load however the page is redirected back to the default view in every case.
Issues currently unconfirmed by Microsoft.
... you get the idea...
Meeting will always be the last Wednesday of the month, and venue is
booked for the whole year, so you can get these dates in your diary
(they are also on the front page of the main site - http://www.dc4420.org/)
January 27th
Febuary 24th
March 31st
April 28th - Infosec *gulp*
$page = hmailGetVar("page");
if ($page == "")
$page = "frontpage";
$isbackground = (substr($page, 0,10) == "background");
if ($isbackground)
> * Outcome: Defacement
> * Vertical: Government
>
> The Indonesian hacker Hmei7 has left the message "Hmei7 has touched your
> soul" on the Web site of the police department in Tucson, Arizona. Only
> unlike regular defacement, this time it is not the front page but rather the
> news section that was modified.
>
>
> WHID 2007-63: Credit card data theft at Kartenhaus, a Ticketmaster German
> subsidiary
Trying this again since the lists apparently do not like me.
This would sound more like an issue in frontpage extensions than cpanel itself.
On Dec 12, 2007 8:16 AM, Francisco Pecorella <pecorelf@gmail.com> wrote:
> Folks,
>
> I have been seen some phishings installed in servers with
> cPanel11/WebHostManager but installed on folders like _vti_cnf,
> _private, etc.
+ User interface for uploads images
+ Pre-moderation users download
+ Control Panel, can edit the name and description, delete and move
+ New comment system, it is now the most opulent gallery
+ New Front page
+ Added BBcode and a button
Vulnerability:
Jerome Athias has discovered a vulnerability in My_Gallery plugin for
e107, which can be exploited by malicious people to disclose sensitive
+ User interface for uploads images
+ Pre-moderation users download
+ Control Panel, can edit the name and description, delete and move
+ New comment system, it is now the most opulent gallery
+ New Front page
+ Added BBcode and a button
Vulnerability:
Jerome Athias has discovered a vulnerability in My_Gallery plugin for
e107, which can be exploited by malicious people to disclose sensitive
|
