The secure CMS.

Welcome to Geeklog, Anonymous Friday, April 26 2024 @ 07:14 am EDT

Geeklog Forums

geeklog hacked, sysadmin said to lockdown

 New Topic  Post Reply
 05/23/07 07:00pm (Read 1,081 times)  

David Slater

Anonymous
hey all
my sites where hacked and the system admin requested that I refer to http://xforce.iss.net/xforce/xfdb/27469 (a link from 2006)
is there a fix? one of these sites is running 1.4.1??? (I am updating my other one from 1.3.1 (ya ya I know old . . .)

DAVE
 Quote
 05/23/07 09:06pm  
Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
That attack is only feasible if register globals is on. Also, $_CONF['path'] is never referenced by the code before it is overwritten in config.php. So while this attack is potentially a problem it would be impossible to exploit without other security holes allowing the user to upload arbitrary files to arbitrary directories.

Looking through the list of files, all of them have code that prevents them from being loaded directly from a browser. So that also stops this attack cold:
Text Formatted Code
if (strpos ($_SERVER['PHP_SELF'], 'functions.inc') !== false) {
    die ('This file can not be used on its own.');
}

 Quote
 05/24/07 01:58am  
Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: David Slater

my sites where hacked and the system admin requested that I refer to http://xforce.iss.net/xforce/xfdb/27469 (a link from 2006)


This has long been fixed and only applied to sites that didn't follow the installation instructions anyway (plus have register_globals = on, as Joe pointed out).
 Quote
 New Topic  Post Reply
All times are EDT. The time is now 07:14 am.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content