Probably a big(GOD ADMIN) nuke BUG

#1   Probably a big(GOD ADMIN) nuke BUG
Kunio
IT MUST BE A BIG BUG. SOME HACKER FROM [ Register or login to view links on this board. ] HACKED MY NUKE-NEWS-SITE AND ADDED SOME HACK NEWS... HE ALSO MADE 2 ACCOUNTS WITH GOD ADMIN RIGHTS. THEN THEY SENT A PM TO ALL USERS:
"KASRA_EMINEM KARCHACK SECURITY GROUP"

SO LIKE I SAID IT MUST BE A BIG BUG...
PLEASE HELP...

#2   re: Probably a big(GOD ADMIN) nuke BUG
Kunio
I already know how they made GOD ADMIN rights! [ Register or login to view links on this board. ]


How do I protect my site from this??

#3   re: Probably a big(GOD ADMIN) nuke BUG
Telli
What module did they use to access the tables? You can add this into admin.php.

Find in admin.php:

require_once("mainfile.php");
get_lang(admin);

Add right before it:

// Refuse any request whose query string names the author-management operations.
if (stristr($_SERVER["QUERY_STRING"], 'AddAuthor') || stristr($_SERVER["QUERY_STRING"], 'UpdateAuthor')) {
    die("I dont think so!");
}

// Refuse any request that passes an "admin" parameter in the URL.
$checkurl = $_SERVER['REQUEST_URI'];
if (preg_match("/\?admin/", $checkurl) || preg_match("/&admin/", $checkurl)) {
    echo "die";
    exit;
}




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
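
Telli asks which module was used to reach the tables. One way to answer that from the web server's access log, as an added example that is not part of the thread: the script below flags logged requests that carry the same markers the admin.php check in post #3 looks for. It assumes Apache common/combined log format; the sample lines and the names `scan` and `by_source` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Markers taken from the admin.php filter in post #3.
OPS = ("addauthor", "updateauthor")
ADMIN_PARAM = re.compile(r"[?&]admin")
# Assumed format: ip - - [time] "METHOD uri PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation-range IPs), not from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2003:10:00:01 +0100] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Dec/2003:10:02:13 +0100] "GET /admin.php?op=AddAuthor HTTP/1.1" 200 431',
    '198.51.100.7 - - [04/Dec/2003:10:02:40 +0100] "POST /admin.php?op=UpdateAuthor HTTP/1.1" 200 388',
    '203.0.113.5 - - [04/Dec/2003:10:05:00 +0100] "GET /modules.php?name=News&admin=CONSTRUCTED HTTP/1.1" 200 900',
    'this line is not in the assumed format',
]

def scan(lines):
    """Return (ip, time, script, reason, status) for each flagged request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a request line
        ip, when, uri, status = m.groups()
        parts = urlsplit(uri)
        # Normalise percent-encoding and case before matching.
        query = unquote_plus(parts.query).lower()
        reasons = [op for op in OPS if op in query]
        if ADMIN_PARAM.search("?" + query):
            reasons.append("admin parameter")
        hits.extend((ip, when, parts.path, r, int(status)) for r in reasons)
    return hits

def by_source(hits):
    """Group hits per client IP: which scripts were requested and why."""
    out = {}
    for ip, _when, path, reason, _status in hits:
        out.setdefault(ip, set()).add((path, reason))
    return out

if __name__ == "__main__":
    for ip, seen in by_source(scan(SAMPLE_LOG)).items():
        print(ip, sorted(seen))
```

A status of 200 on a flagged line means the request was served rather than refused, so those entries and their timestamps are the ones to compare against when the extra admin accounts appeared.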