KaboomJk
New User
Nov 17, 2008, 11:43 AM
Post #1 of 2
(325 views)
CMS Builder Security?
We recently received an email from "The Honeypot Project" (http://rfih.1durch0.de/index.php), who collect information about online attacks and notify the site owners. They informed us that one of our sites (using CMS Builder) has been compromised and that we should remove the following file: http://shalonprice.com/cmsAdmin/uploads/thumb/bo.do? It looks like someone was able to get in and upload something. The file has been deleted, but we would like to prevent anything like this from happening in the future. Are there any security issues we should be concerned about? Or is there any other information about how this could have happened? Thanks!
Dave
Staff / Moderator
Nov 17, 2008, 12:30 PM
Post #2 of 2
(323 views)
Re: [KaboomJk] CMS Builder Security?
Hi KaboomJk,

If you could email me any more information about that (to dave@interactivetools.com) I'd be happy to take a look.

Looking at the project's website that you linked to, it looks like they mostly collect information on RFI attacks, which you can read about on Wikipedia here: http://en.wikipedia.org/wiki/Remote_File_Inclusion

I can't think of any way they would have got in through CMS Builder directly. CMS Builder limits what file extensions can be uploaded through the program. But it does require an upload directory that is writable, and making it writable to one web app on your site typically makes it writable to any web app on your site, so the /thumb/ directory would make sense as a writable dir for someone to try and hide something in.

I'd check for other scripts that you might have on the site that could have been compromised. Consider upgrading to the latest versions. Also check your code to make sure you are escaping or checking any user input (data from forms or URLs) that you are passing to PHP or MySQL. So for example, if you have code like this:

mysite.com/viewer.php?file=detail.php

<?php include $_REQUEST['file'] ?>

That's an easy entry point, because they can pass any filename they like to include and display other files.

Hope that helps. Let me know if you have any other questions or what you find out about what happened.

Dave Edis - Senior Developer
interactivetools.com
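The two checks Dave's reply points at (never letting a URL parameter pick the file that `include` loads, and only accepting a fixed set of upload extensions) written out as an added example. This is not CMS Builder's own code and not code from the thread; the page names, the `ALLOWED_PAGES` map, the `resolveAllowedPage` and `isAllowedUploadName` helpers and the extension lists are all assumptions made up for the illustration.

```php
<?php
// Added example, not CMS Builder code. A viewer.php that replaces
// "include $_REQUEST['file']" with an allowlist lookup, plus an upload
// file-name check of the kind the reply says CMS Builder performs.

// Only these page names are accepted from the URL; each maps to a file that
// lives beside this script. (Constructed for the example.)
const ALLOWED_PAGES = [
    'detail'  => 'detail.php',
    'list'    => 'list.php',
    'contact' => 'contact.php',
];

/**
 * Map a user-supplied page name to a real path, or return null.
 * Because the lookup is by allowlist key, values such as
 * "http://host.invalid/shell.txt" or "../../etc/passwd" never reach include().
 */
function resolveAllowedPage(string $name): ?string
{
    if (!array_key_exists($name, ALLOWED_PAGES)) {
        return null;
    }
    $real = realpath(__DIR__ . '/' . ALLOWED_PAGES[$name]);
    // Belt and braces: the resolved file must still sit inside this directory.
    $base = realpath(__DIR__) . DIRECTORY_SEPARATOR;
    if ($real === false || strpos($real, $base) !== 0) {
        return null;
    }
    return $real;
}

// Extensions an upload is allowed to carry. (Constructed; a real site would
// tune this to what it actually serves.)
const ALLOWED_UPLOAD_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Extensions the web server may execute; these are refused in ANY position
// of the name, so "photo.php.jpg" is rejected as well as "photo.php".
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'cgi', 'pl', 'sh'];

/**
 * True only for a bare file name (no directory parts, no NUL bytes) whose
 * final extension is on the allowlist and which carries no executable
 * extension anywhere in the name.
 */
function isAllowedUploadName(string $filename): bool
{
    if ($filename === '' || $filename !== basename($filename) || strpos($filename, "\0") !== false) {
        return false;
    }
    $parts = explode('.', strtolower($filename));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;          // no extension, or a dot-file
    }
    array_shift($parts);       // drop the base name, keep every extension segment
    foreach ($parts as $segment) {
        if (in_array($segment, EXECUTABLE_EXTENSIONS, true)) {
            return false;
        }
    }
    return in_array(end($parts), ALLOWED_UPLOAD_EXTENSIONS, true);
}

// Usage in the viewer: unknown names get a 404 instead of an include.
$page = isset($_GET['page']) ? (string) $_GET['page'] : 'detail';
$file = resolveAllowedPage($page);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```

Two server-side settings back these checks up: keeping `allow_url_include` off in php.ini stops `include` from fetching remote URLs at all, and configuring the web server so that scripts in the writable upload directory are never executed limits what an attacker gains from the writable directory Dave describes, even if a file does slip past the name check.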