This is a minor one (at least I think). Himaltech is an ISP from Nepal (though I had never heard of it). First thing: don't host on a Windows system; use a free and open source Linux distro... They are cheaper, I think.
From index.php (exploitable snippet):
if(($p == "") && ($q != "")){
    $filename = $q;
} elseif($p != ""){
    $filename = $p."/content";
} else {
    $filename = "home";
}
include($filename.$ext);
WTF? How are you making includes? Fucking noobish.
From one of the PHP scripts:
$query = "UPDATE newsFeed set date='". $_POST['dated'] ."' WHERE id='". $_POST['id'] ."'";
Oh hell. Learn to validate the inputs. What would have happened if an evil user had submitted some malformed information?
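One way to harden the two snippets above, as an added example that is not part of the original post or the site's code. The page and section names, the pages/ directory, the ".php" extension, the Y-m-d date format and the in-memory SQLite table are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the site's code. Page names, section names, the pages/
// directory, the ".php" extension and the Y-m-d date format are assumptions.

const PAGES    = ['home', 'news', 'contact'];   // allowed values for $q
const SECTIONS = ['support', 'services'];       // allowed values for $p

// Same branching as the original snippet, but the request value only selects
// an entry from a fixed list; anything unlisted falls back to "home".
function resolvePage(string $p, string $q): string
{
    $name = 'home';
    if ($p === '' && in_array($q, PAGES, true)) {
        $name = $q;
    } elseif (in_array($p, SECTIONS, true)) {
        $name = $p . '/content';
    }
    return __DIR__ . '/pages/' . $name . '.php';
}

// Shape checks first, then bound parameters so values never become SQL text.
function updateNewsDate(PDO $db, string $id, string $dated): bool
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $dated);
    if (!ctype_digit($id) || $d === false || $d->format('Y-m-d') !== $dated) {
        return false;
    }
    $stmt = $db->prepare('UPDATE newsFeed SET date = :dated WHERE id = :id');
    return $stmt->execute([':dated' => $dated, ':id' => (int) $id]);
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE newsFeed (id INTEGER PRIMARY KEY, date TEXT)');
$db->exec("INSERT INTO newsFeed VALUES (1, '2009-01-01')");

var_dump(updateNewsDate($db, '1', '2009-10-31'));    // well-formed input
var_dump(updateNewsDate($db, "1'x", '2009-10-31'));  // constructed malformed id
var_dump(updateNewsDate($db, '1', '2009-02-30'));    // constructed impossible date
var_dump(resolvePage('', '../functions'));           // constructed unlisted name
var_dump(resolvePage('support', ''));                // listed section
// index.php would then call: include resolvePage($p, $q);
```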
Some configs from the functions.php:
<?php
$isp[lname] = "HimalTech Internet Services";
$isp[sname] = "HimalTech";
$isp[sup_tel] = "443-9541, 01-621-8615";
$isp[gen_tel] = "+977 (1) 44 39 541";
$isp[sup_email] = "support@himaltech.com";
$isp[gen_email] = "info@himaltech.com";
$radHost = "himaltech.com";
$radUser = "phpmgmt";
$radPass = "**EDITED**";
$radName = "radius";
$newsHost = localhost;
$newsUser = "himal";
$newsPass = "**EDITED**";
$newsName = "ht";
............
...........
?>
And some arrays:
$nas = array(
"69.88.8.94" => array("port" => 30, "name" => "Dhau"),
"10.0.0.3" => array("port" => 30, "name" => "vold_dhau"),
"202.161.146.197" => array("port" => 30, "name" => "old_dhau"),
"202.161.146.209" => array("port" => 30, "name" => "dhauold")
);
So that was the show on himaltech. Happy hacking!!! :)
Saturday, 31 October 2009