natecoupons
04-19-2010, 05:51 PM
Okay, here is what I know right now; I am learning more as I go.
They uploaded a malicious file, google.js, which was sending people to a Russian site.
I currently run 3.7.2
https://vborg.vbsupport.ru/external/2010/04/18.png
Then they uploaded two different files directly into the customavatar folder
./customavatars/adm.php
One of those was a program called Adminer 2.3.1
Screenshots:
https://vborg.vbsupport.ru/external/2010/04/4.gif
https://vborg.vbsupport.ru/external/2010/04/5.gif
They also uploaded another file that I'm not sure what it does...
it was ./customavatars/setting.php
This one only has a password.
I have removed all files but would like help in knowing where the vulnerabilities are!! I have removed the ability for people to upload custom avatars for the time being because I assume that is how this happened.
Thoughts?