Some of you might have heard of a CMS called WebBrix. If you haven't, then you should know that it's absolute f'kin crap.
Live examples: prontanet.lt, itsolution.lt, ausra.nets.lt, etc.
-
Pure JavaScript. No JavaScript = no viewing our uberkewl site.
-
It's insecure in sooo many ways.
Open Live HTTP Headers and you'll see a request to "file_lister.php". It shows you all the files and dirs there.
In the file list, you can find "_xmlWriter.php" and "_xmlWriter.asp". And since it's rare for both PHP and ASP to run on one server, one of the scripts works and the other is just sent as text/plain, so you can figure out exactly what it does.
(The /pictures/ folder is world-writable. Need I say more?)
After some snooping here and there, you can find an XMLHttpRequest sent to this page:
http://www.webbrix.net/admin/readData.asp?returnvar=functionalityPermits&dbName=./../../private/register.mdb&sqlString=SELECT * FROM clients WHERE blah = blahblah
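The request above lets the browser choose both the database file (dbName) and the SQL text (sqlString). As an added example (not WebBrix code; Python with sqlite3 stands in for the ASP/Access stack, and the `query` parameter, table and column names are assumptions), a handler can accept only a query name from a server-side catalogue and take row ownership from the session:

```python
import sqlite3

# Hypothetical server-side catalogue: the client sends only a query *name*.
# The SQL text and the database are fixed on the server.
NAMED_QUERIES = {
    "functionalityPermits": (
        "SELECT feature, allowed FROM permits WHERE client_id = ? ORDER BY feature",
        ("client_id",),
    ),
}
# The two parameters the request on this page hands to the client.
FORBIDDEN_PARAMS = {"dbName", "sqlString"}


class RejectedRequest(Exception):
    """Raised for any request the handler refuses to run."""


def open_demo_db():
    """Constructed sample data; stands in for the server's one fixed database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE permits (client_id INTEGER, feature TEXT, allowed INTEGER)")
    db.executemany(
        "INSERT INTO permits VALUES (?, ?, ?)",
        [(1, "shop", 0), (1, "gallery", 1), (2, "gallery", 1)],
    )
    return db


def read_data(db, params, session_client_id):
    """Handle a readData-style request given as a dict of query-string params."""
    if FORBIDDEN_PARAMS.intersection(params):
        raise RejectedRequest("client may not choose the database or the SQL")
    try:
        sql, arg_names = NAMED_QUERIES[params["query"]]
    except KeyError:
        raise RejectedRequest("unknown query name") from None
    # Values that decide whose rows are read come from the authenticated
    # session, never from the query string, and are bound as parameters.
    trusted = {"client_id": session_client_id}
    return db.execute(sql, tuple(trusted[n] for n in arg_names)).fetchall()


if __name__ == "__main__":
    demo = open_demo_db()
    print(read_data(demo, {"query": "functionalityPermits"}, session_client_id=1))
```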
One more thing: noticed the _private.key and readEncrypted.php? Well, this _private.key contains^Hed the login and password for prontanet.lt (the CMS developers' site) and is included with almost every installation of WebBrix. Mmmmm, FTP.