Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
SPJeff69
Regular
Regular


Joined: Oct 25, 2004
Posts: 53

PostPosted: Thu Dec 15, 2005 12:04 pm Reply with quote

I found a file in my modules directory. One is called inc.php and the other is dark.php

When I open inc.php, it opens a browser window named evilsecurity and has this:
Code:
Diretório em que vocę está no momento: Root/"; if ($work_dir_splitted[0] == "") { $work_dir = "/"; /* Root directory. */ } else { for ($i = 0; $i < count($work_dir_splitted); $i++) { /* echo "i = $i";*/ $url .= "/".$work_dir_splitted[$i]; echo "$work_dir_splitted[$i]/"; } } ?> 


Along with a form.

What the hell is this?!
 
View user's profile Send private message
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Thu Dec 15, 2005 12:15 pm Reply with quote

DELETE THOSE FILES!! They are back door exploits. Something on your site allowed them to upload them.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
SPJeff69
PostPosted: Thu Dec 15, 2005 12:21 pm Reply with quote

d***, I wonder what I need to do to prevent this from happening.

What exactly do those files let them do?
 
technocrat
PostPosted: Thu Dec 15, 2005 12:26 pm Reply with quote

Do you have something that allows uploading like an old version of the attachment mods, the coppermine module, etc?

Its hard to say the security warning for that file says its broken. But it will allow them to see your DB password and mess with any of the root files.
 
SPJeff69
PostPosted: Thu Dec 15, 2005 12:28 pm Reply with quote

Someone just changed my index.php page a few days ago. I wonder if that is how they did it.

I don't have attachment mod or coppermine module, but I do have SPChat.
 
technocrat
PostPosted: Thu Dec 15, 2005 12:33 pm Reply with quote

Yeah then that is probably what they used.

Doing some googling it looks like SPChat is what allows them to put in those files. I cannot be 100% sure because everything I find is not in english but its always SPChat and then those files. So I would say that is likely
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Thu Dec 15, 2005 6:02 pm Reply with quote

Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
technocrat
PostPosted: Thu Dec 15, 2005 6:05 pm Reply with quote

Laughing Thats one of the posts I found but I couldnt tell for sure what they were saying Wink
 
hitwalker
PostPosted: Thu Dec 15, 2005 6:10 pm Reply with quote

well as far as i could tell its a similar script that flows around in other script scenes as well..
As for the vunerable spchat,thats wellknown and everytime they say all is okay....Smile
 
technocrat
PostPosted: Thu Dec 15, 2005 6:11 pm Reply with quote

Thats what I figured. Wink
 
SPJeff69
PostPosted: Thu Dec 15, 2005 8:34 pm Reply with quote

Well now I know. That's pretty crappy that they can't even recognize a vulnerability when it is brought to their attention.

Oh well

Thanks guys
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©