Posted by Robin Faichney on 04/11/07 08:38
On Tue, 10 Apr 2007 19:33:08 GMT, "Steve Belanger"
<desktop@ebinformatique.com> wrote:
>If your site somewhere has an upload feature, if it's not protected against
>specific filters, I believe that somebody can upload a PHP file that way and
>execute it once it's uploaded. Of course they will need to know where the
>file has been saved on the server and so forth, but I believe that's a
>potential way of putting files on a server to perform harmful actions.
>
>
>"Robin Faichney" <robin@robinfaichney.invalid> wrote in message
>news:dsmn131scn3jhn19ut9tv9knggip8go25s@4ax.com...
>>A site I run has somehow been used for phishing. The url was
>> http://genuine.site/www/scotiabank/com/pe/
>>
>> I've assured the webhost that I'm not responsible and supplied dates
>> of more recent ftp and control panel access, and they suggest the
>> relevant files have been uploaded "via the website itself" but it's a
>> very simple hand-coded site using PHP only to ease design changes and
>> such, no bb/blog/whatever features. Can any PHP guru suggest how this
>> might have happened? It's Windows based, unfortunately, with PHP4.1, I
>> think, can't check because I can't access it now, it's been disabled.
>> --
>> <http://www.robinfaichney.org/>
I have some more info now. We were using the PHP contact script from
http://www.free-php-scripts.net/P/Contact_Form which includes file
upload facilities, though that option was switched off in the config
file. The PHP version is actually 4.4.6, and its config details can be
seen at http://www.theinvisibleeye.org/info.php
Is there anyone in this group who could look at this and check whether
that PHP installation is vulnerable and/or that script could somehow
have been used to upload even though the option was off? Or is there a
more appropriate group for such questions?
--
<http://www.robinfaichney.org/>