
6.01.19 vulnerable?

MerlinSt
asked
Junior Member

I found 8 lines in httpd access.log - the result is a login with the administrator account and a new panel with code :o
Passwords are strong, database prefix is not default.

89.149.244.135 - - [19/Dec/2009:15:13:06 +0100] "POST /news.php HTTP/1.1" 200 88485 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:07 +0100] "GET /news.php HTTP/1.1" 200 96946 "http://www.lazycats.f-staudt.de/news.php" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:07 +0100] "GET /administration/index.php?aid=5fd8e35566461d25 HTTP/1.1" 200 9866 "http://www.lazycats.f-staudt.de/news.php" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:07 +0100] "GET /administration/panels.php?aid=5fd8e35566461d25 HTTP/1.1" 200 25556 "http://www.lazycats.f-staudt.de/administration/index.php?aid=5fd8e35566461d25" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:07 +0100] "GET /administration/panel_editor.php?aid=5fd8e35566461d25&step=edit&panel_id=17 HTTP/1.1" 200 19228 "http://www.lazycats.f-staudt.de/administration/panels.php?aid=5fd8e35566461d25" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:07 +0100] "POST /administration/panel_editor.php?aid=5fd8e35566461d25&panel_id=17 HTTP/1.1" 200 5355 "http://www.lazycats.f-staudt.de/administration/panel_editor.php?aid=5fd8e35566461d25&step=edit&panel_id=17" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:07 +0100] "GET /administration/panels.php?aid=5fd8e35566461d25 HTTP/1.1" 200 25556 "http://www.lazycats.f-staudt.de/administration/panel_editor.php?aid=5fd8e35566461d25&panel_id=17" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
89.149.244.135 - - [19/Dec/2009:15:13:08 +0100] "GET /administration/panels.php?aid=5fd8e35566461d25&step=setstatus&status=1&panel_id=17 HTTP/1.1" 200 25556 "http://www.lazycats.f-staudt.de/administration/panels.php?aid=5fd8e35566461d25" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

Craig
answered
Fusioneer

Put your site into maintenance mode.

Change all your passwords for your site: log in, admin log in, FTP, SQL and any other passwords.

Open administration/panels and look for malicious code.
bite
answered
Member

Well, first of all, that was done by a script, not a human. Did you get the panel with id 17? If no, then everything is fine.
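
Added example, not part of the original thread: a log triage script that finds client IPs which wrote to a panel through `/administration/` and checks whether the whole session fits in a couple of seconds, as in the log above. The sample lines, IP addresses, `aid` values and the thresholds (4 requests, 2 seconds) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache log format, modelled on the sequence in the thread.
SAMPLE = """\
203.0.113.7 - - [19/Dec/2009:15:13:06 +0100] "POST /news.php HTTP/1.1" 200 88485
203.0.113.7 - - [19/Dec/2009:15:13:07 +0100] "GET /administration/index.php?aid=aaaa1111 HTTP/1.1" 200 9866
203.0.113.7 - - [19/Dec/2009:15:13:07 +0100] "GET /administration/panel_editor.php?aid=aaaa1111&step=edit&panel_id=17 HTTP/1.1" 200 19228
203.0.113.7 - - [19/Dec/2009:15:13:07 +0100] "POST /administration/panel_editor.php?aid=aaaa1111&panel_id=17 HTTP/1.1" 200 5355
203.0.113.7 - - [19/Dec/2009:15:13:08 +0100] "GET /administration/panels.php?aid=aaaa1111&step=setstatus&status=1&panel_id=17 HTTP/1.1" 200 25556
198.51.100.9 - - [19/Dec/2009:15:20:00 +0100] "GET /administration/panels.php?aid=bbbb2222 HTTP/1.1" 200 25556
198.51.100.9 - - [19/Dec/2009:15:21:30 +0100] "POST /administration/panel_editor.php?aid=bbbb2222&panel_id=3 HTTP/1.1" 200 5355
"""

# client IP, timestamp, method, request target, status (referer/user agent ignored)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def panel_writes(log_text, max_span_seconds=2, min_requests=4):
    """Return one finding per client IP that modified a panel via the admin area."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        per_ip[ip].append((when, method, urlsplit(target), int(status)))
    findings = []
    for ip, reqs in per_ip.items():
        panels = set()
        for when, method, url, status in reqs:
            q = parse_qs(url.query)
            edited = method == "POST" and url.path.endswith("/panel_editor.php")
            toggled = url.path.endswith("/panels.php") and q.get("step") == ["setstatus"]
            if status == 200 and (edited or toggled):
                panels.update(q.get("panel_id", []))
        if not panels:
            continue
        times = sorted(r[0] for r in reqs)
        span = (times[-1] - times[0]).total_seconds()
        findings.append({"ip": ip, "panel_ids": sorted(panels), "requests": len(reqs),
                         "span_seconds": span,
                         "scripted": len(reqs) >= min_requests and span <= max_span_seconds})
    return findings
```

A 200 status only shows the request was served, so each reported `panel_id` still has to be opened and inspected in the panel administration.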
MerlinSt
answered
Junior Member

I have changed everything like you said, plus a new database prefix.

