A new MVC engine based on globally recognized PHP components is under the hood so you can customize ImpressPages in no time. Write your own plugins and themes to suit your and customers’ needs.
Etiquettes : cms
There are numerous issues that can allow this. The thing to keep in mind, is « defacing » only requires alteration of the content. So, this means access to how the content is stored.
If you are using static html pages, that could be done through FTP or whatever mechenism you use to upload your content to the site.
If you use dynamic content, such as a CMS system, that could be done by accessing the database where the content is stored, either through connecting to the database server, using sql injections, etc.
– SQL Injection
It depends a bit what you mean by defacing, normally defacing means you add text or pictures on a (the landing) page with some kind of message. For this to happen you need to be able to save the HTML with the changed content on the web server. You will need some kind of rights to upload files to the webserver to pull this off. XSS could also be used if you can save your XSS somewhere (think comments, forum etc.)
If you mean stealing data from a website then you could use SQL Injection, if the webmaster was so careless to save passwords to the database you could use this attack to find a login with enough rights to upload files, if the webmaster was then also careless you could perhaps even upload a new index.html.
Prevention consists of protecting against the OWASP top-10 (remote file include and SQLI and XSS would be your main areas of interest for defacing).
Defacing websites used to be a hot thing in the past, these days it is less used since there are many more dangerous attacks possible then to upload some silly message to a web server.
A nice archive of defaced websites is http://www.zone-h.org/archive
Groupe Drupal pour la suisse romande :
Solution e-commerce pour joomla:
version joomla 1.5 et 1.6, à noter que les derniers bugtraqs renvoie à joomla 1.7 …
PHP 5.1.6 or more recent
MySQL 5.0.x or more recent
source : http://www.rbschange.com/
eZ Publish Enterprise is a web content management system engineered to create value through streamlined multichannel delivery. eZ’s intuitive and simple editing solution, innovative web engagement management tools, and advanced portals and collaboration facility work in harmony to create unparalleled ease of use and efficiency for our customers.
osCommerce Online Merchant is a complete online store solution that contains both a catalog frontend and an administration tool backend which can be easily installed and configured over a web-based installation procedure.
Version française : https://github.com/oscommerce-france/oscommerce2