Welcome, Guest! Log In | Create Account

Donate Share

yet another php photo album-next gener.

The forum address has changed, you have been automatically redirected. Please update any bookmarks to use the new URL.

Subscribe

My album has been hacked twice in 2.3.2

Add A Reply

You are viewing a single message from this topic. View all messages.

  1. zirkon13SourceForge.net Subscriber and DonorProject Admin

    2007-12-03 12:31:57 UTC
    Thank you for this information.

    But if you have the release 2.3.2 installed you can rest assured that your website was not hacked THIS way!

    If you have a quick look into the file /admin_modules/admin_module_deldir.inc.php
    you can see that the very first line that gets executed is:

    /*
    * Standard Security Check
    */

    if (!defined('SecCheck')) {
    die("You Cannot Access This Script Directly - Have a Nice Day.");
    }


    They TRIED to hack you this way - you can point this out to your webhost.
    The script exits at this very point if its not called from within yappa-ng
    (the SecCheck variable defined) and will not execute the path - you can
    check this for yourself :-)

    You just cant call any of the yappa-ng modules stand alone - they have to get included from the yappa-ng main script to work.

    cheers

    \fritz
< Previous | 1 | Next >

Add a Reply

You can use Markdown syntax in your reply.

Preview

Monitor this

Log in to monitor this topic. Not registered? Create an account to receive email updates when replies are posted to this topic. If you do not log in or register, your reply will be added anonymously.

About SourceForge

Find Software

Develop Software

Community

Help

Copyright © 2009 Geeknet, Inc. All rights reserved. Terms of Use