Hacked VisualSVN Server by PHP-Allow user Change password

index.php

<?php
$username = $_server["Php_auth_user"]; AuthType Basic Certified User name
$authed _pass = $_server["PHP_AUTH_PW"]; Password with authtype Basic authentication
$input _oldpass = (isset ($_request["Oldpass"])? $_request["Oldpass"]: ""); The original password entered from the interface
$newpass = (Isset ($_request["Newpass"])? $_request["Newpass"]: ""); New password entered on the interface
$repeatpass = (Isset ($_request["Repeatpass"])? $_request["Repeatpass"]: ""); Duplicate password entered on the interface
$action = (Isset ($_request["action"])? $_request["Action"]: ""); Action that is submitted to the server as hide

if ($action! = "Modify") {
$action = "View";
}
else if ($authed _pass!= $input _oldpass) {
$action = "Oldpasswrong";
}
else if (empty ($newpass)) {
$action = "Passempty";
}
else if ($newpass! = $repeatpass) {
$action = "Passnotsame";
}
else{
$action = "Modify";
}
?>

<meta http-equiv= "Content-type" content= "text/html; CHARSET=GBK ">
<title>subversion Online Self-service password modification </title>
<body>

<?php
Action=view display of normal input information
if ($action = = "View") {
?>
<script language = "JavaScript" >
<!--
function Loginin (MyForm)
{
var Newpass=myform.newpass.value;
var Repeatpass=myform.repeatpass.value;

if (newpass== "") {
Alert ("Please enter your password!") ");
return false;
}

if (repeatpass== "") {
Alert ("Please enter your password again!") ");
return false;
}

if (Newpass!=repeatpass) {
Alert ("Two times input password is inconsistent, please re-enter!") ");
return false;
}
return true;
}
-
</script>
<style type= "Text/css" >
<!--
Table {
border:1px solid #CCCCCC;
Background-color: #f9f9f9;
Text-align:center;
Vertical-align:middle;
font-size:9pt;
line-height:15px;
}
th {
Font-weight:bold;
line-height:20px;
border-top-width:1px;
border-right-width:1px;
border-bottom-width:1px;
border-left-width:1px;
Border-bottom-style:solid;
Color: #333333;
Background-color:f6f6f6;
}
input{
height:18px;
}
. button {
height:20px;
}

-
</style>
<br><br><br>
<form method= "POST" >
<input type= "hidden" name= "action" value= "modify"/>
<table width= "cellpadding=" 3 "cellspacing=" 8 "align=" Center ">
<tr>
<th colspan=2>subversion Password Modification </th>
</tr>
<tr>
<td> User name:</td>
&LT;TD align= "Left" > <?php echo $username?></td>
</tr>
<tr>
<td> Original Password:</td>
<td><input Type=password size=12 name=oldpass></td>
</tr>
<tr>
<td> User Password:</td>
<td><input Type=password size=12 name=newpass></td>
</tr>
<tr>
<td> Confirm Password:</td>
<td><input Type=password size=12 name=repeatpass></td>
</tr>
<tr>
&LT;TD colspan=2>
<input onclick= "return Loginin (this.form)" class= "button" Type=submit value= "Modify" >
<input name= "reset" type=reset class= "button" value= "Cancel" >
</td>
</tr>
</table>
</form>
<?php
}
else if ($action = = "Oldpasswrong") {
$msg = "Original password error! ";
}
else if ($action = = "Passempty") {
$msg = "Please enter a new password!" ";
}
else if ($action = = "Passnotsame") {
$msg = "Two times the input password is inconsistent, please re-enter!" ";
}
else{
$passwdfile = "F:\REPOSITORIES\HTPASSWD";
$command = ' "C:\Program files\visualsvn server\bin\htpasswd.exe"-B ". $passwdfile." ". $username." ". $newpass;
System ($command, $result);
if ($result ==0) {
$msg = "User [". $username. "] Password modified successfully, please login with the new password. ";
}
else{
$msg = "User [". $username. "] Password modification failed with a return value of ". $result.", please contact your administrator! ";
}
}

if (Isset ($msg)) {
?>
<script language= "JavaScript" >
<!--
Alert ("<?php echo $msg?>");
window.location.href= "<?php echo $_server[" php_self "]?>"
-
</script>
<?php
}
?>
</body>

Hacked VisualSVN Server by PHP-Allow user Change password