| Author |
Message |
SPJeff69
Regular
Joined: Oct 25, 2004
Posts: 53
|
 Posted:
Thu Dec 15, 2005 12:04 pm |
|
I found a file in my modules directory. One is called inc.php and the other is dark.php
When I open inc.php, it opens a browser window named evilsecurity and has this:
Code:Diretório em que você está no momento: Root/"; if ($work_dir_splitted[0] == "") { $work_dir = "/"; /* Root directory. */ } else { for ($i = 0; $i < count($work_dir_splitted); $i++) { /* echo "i = $i";*/ $url .= "/".$work_dir_splitted[$i]; echo "$work_dir_splitted[$i]/"; } } ?>
|
Along with a form.
What the hell is this?! |
| |
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
| Posted:
Thu Dec 15, 2005 12:15 pm |
|
DELETE THOSE FILES!! They are back door exploits. Something on your site allowed them to upload them. |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! |
|
|
|
|
SPJeff69
|
| Posted:
Thu Dec 15, 2005 12:21 pm |
|
d***, I wonder what I need to do to prevent this from happening.
What exactly do those files let them do? |
| |
|
|
|
|
technocrat
|
| Posted:
Thu Dec 15, 2005 12:26 pm |
|
Do you have something that allows uploading like an old version of the attachment mods, the coppermine module, etc?
Its hard to say the security warning for that file says its broken. But it will allow them to see your DB password and mess with any of the root files. |
| |
|
|
|
|
SPJeff69
|
| Posted:
Thu Dec 15, 2005 12:28 pm |
|
Someone just changed my index.php page a few days ago. I wonder if that is how they did it.
I don't have attachment mod or coppermine module, but I do have SPChat. |
| |
|
|
|
|
technocrat
|
| Posted:
Thu Dec 15, 2005 12:33 pm |
|
Yeah then that is probably what they used.
Doing some googling it looks like SPChat is what allows them to put in those files. I cannot be 100% sure because everything I find is not in english but its always SPChat and then those files. So I would say that is likely |
| |
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Thu Dec 15, 2005 6:02 pm |
|
|
|
|
|
technocrat
|
| Posted:
Thu Dec 15, 2005 6:05 pm |
|
 Thats one of the posts I found but I couldnt tell for sure what they were saying  |
| |
|
|
|
|
hitwalker
|
| Posted:
Thu Dec 15, 2005 6:10 pm |
|
well as far as i could tell its a similar script that flows around in other script scenes as well..
As for the vunerable spchat,thats wellknown and everytime they say all is okay.... |
| |
|
|
|
|
technocrat
|
| Posted:
Thu Dec 15, 2005 6:11 pm |
|
Thats what I figured. |
| |
|
|
|
|
SPJeff69
|
| Posted:
Thu Dec 15, 2005 8:34 pm |
|
Well now I know. That's pretty crappy that they can't even recognize a vulnerability when it is brought to their attention.
Oh well
Thanks guys |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
