Geeklog Forums
geeklog hacked, sysadmin said to lockdown
David Slater
Anonymous
hey all
my sites were hacked and the system admin requested that I refer to http://xforce.iss.net/xforce/xfdb/27469 (a link from 2006)
is there a fix? one of these sites is running 1.4.1??? (I am updating my other one from 1.3.1 (ya ya I know old . . .)
DAVE
jmucchiello
Forum User
Full Member
Registered: 08/29/05
Posts: 985
That attack is only feasible if register globals is on. Also, $_CONF['path'] is never referenced by the code before it is overwritten in config.php. So while this attack is potentially a problem it would be impossible to exploit without other security holes allowing the user to upload arbitrary files to arbitrary directories.
Looking through the list of files, all of them have code that prevents them from being loaded directly from a browser. So that also stops this attack cold:
if (strpos ($_SERVER['PHP_SELF'], 'functions.inc') !== false) {
    die ('This file can not be used on its own.');
}
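The direct-access guard quoted in the reply above only protects a site if every include file actually carries it. The following is an added example, not code from the thread or from Geeklog, that audits a directory of include-only PHP files for that guard; the status names, the rule that the guard should name its own file, and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The guard quoted in the post: strpos($_SERVER['PHP_SELF'], '<file>') !== false) { die
GUARD = re.compile(
    r"""strpos\s*\(\s*\$_SERVER\s*\[\s*['"]PHP_SELF['"]\s*\]\s*,\s*['"]([^'"]+)['"]\s*\)"""
    r"""\s*!==\s*false\s*\)\s*\{\s*(?:die|exit)\b""", re.IGNORECASE)
# Crude heuristic: any include/require keyword, even one inside a comment.
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.IGNORECASE)

def check_guard(path):
    """Classify one include file as 'ok', 'missing', 'wrong-name' or 'late'."""
    text = Path(path).read_text(errors="replace")
    guard = GUARD.search(text)
    if guard is None:
        return "missing"
    # Assumption: the guard should name the file it sits in.
    if guard.group(1).lower() != Path(path).name.lower():
        return "wrong-name"
    first_include = INCLUDE.search(text)
    if first_include and first_include.start() < guard.start():
        return "late"  # an include runs before the guard can stop the request
    return "ok"

def audit(root, patterns=("*.inc", "*.php")):
    """Return {relative path: problem} for each file under root that is not 'ok'."""
    root, findings = Path(root), {}
    for pattern in patterns:
        for path in sorted(root.rglob(pattern)):
            status = check_guard(path)
            if status != "ok":
                findings[path.relative_to(root).as_posix()] = status
    return findings

def demo():
    """Audit a constructed tree of sample include files (not real Geeklog files)."""
    guard = ("if (strpos ($_SERVER['PHP_SELF'], '%s') !== false) {\n"
             "    die ('This file can not be used on its own.');\n}\n")
    include = "require_once $_CONF['path'] . 'x.php';\n"
    samples = {
        "good/functions.inc": "<?php\n" + guard % "functions.inc" + include,
        "copied/functions.inc": "<?php\n" + guard % "other.inc",
        "late/functions.inc": "<?php\n" + include + guard % "functions.inc",
        "bare/lib.php": "<?php\nfunction f() {}\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True)
            target.write_text(body)
        return audit(root)
```

Point `audit()` only at directories whose files are meant to be included, since entry-point scripts that a browser requests directly legitimately have no guard.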
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Quote by: David Slater
my sites were hacked and the system admin requested that I refer to http://xforce.iss.net/xforce/xfdb/27469 (a link from 2006)
This has long been fixed and only applied to sites that didn't follow the installation instructions anyway (plus have register_globals = on, as Joe pointed out).