EsOne Posted March 27, 2010

So, my website uses ShoutPro. Well, today I was looking in my file manager and saw the file "hey.php" in the directory of the shoutbox. I tried opening the file via my file manager, and it made FF stop responding. What I did see of the code before it froze was milw0rm.

I did some research and found that ShoutPro has a security issue, and that it can be used to remotely execute commands. I deleted all files related to it (which was only the hey.php and info.txt, which both had the same looking code in it).

I searched milw0rm and got the following link about the ShoutPro exploit: http://www.milw0rm.com/exploits/3758

I am pretty much a newish PHP coder, and do not know very much. Can someone put into dumb terms what this link is saying? What should I do to "sanitize" this code they are referring to?

Sorry if this is the wrong forum.

beta0x64 Posted March 28, 2010

Oh boy. I'm sorry to hear that you've been compromised. The recommendations state that you should...

1) Add code to perform strip_tags() on $shout in shoutbox.php
2) Prevent direct access to shouts.php with a .htaccess file

By "sanitizing" the input, they mean that shoutbox.php is allowing a user to do naughty things to your computer by running specialized code through your shoutbox application. This is a rather serious threat. I would change my root password, maybe even make a chroot jail for your website.

Somewhere in the shoutbox code, you need to find out where the input is taken in and you need to perform a "strip_tags" on it to remove html, script tags, etc. that could be used to execute code through your application as if it was the original intent of shoutbox.
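
An added example, not part of either post and not ShoutPro's own code: one way to apply the strip_tags() recommendation to the submitted shout before it is stored, with escaping on output as a second layer. The function names `sanitize_shout` and `render_shout`, the 300-byte limit, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not ShoutPro's own code.

/** Clean one submitted shout (e.g. the $shout value) before it is stored. */
function sanitize_shout(string $raw, int $maxLen = 300): string
{
    // strip_tags() removes HTML tags and PHP open/close tags. Text that sat
    // between HTML tags (such as the body of <script>) remains as plain text.
    $clean = strip_tags($raw);
    // Replace control characters, including CR/LF, so one shout stays one record.
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $clean) ?? '';
    $clean = trim($clean);
    // Bound the length (in bytes) so a single post cannot bloat the shout log.
    return substr($clean, 0, $maxLen);
}

/** Escape when printing, so any leftover < > & " ' is displayed, not interpreted. */
function render_shout(string $stored): string
{
    // ENT_SUBSTITUTE keeps output non-empty if substr() cut a multibyte character.
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, not taken from the thread or the advisory.
$samples = [
    'hello everyone',
    '<b>bold</b> <script>alert(1)</script>',
    'hi <?php echo "x"; ?> there',
    "line one\r\nline two",
    '5 < 6 & "quotes"',
];

foreach ($samples as $s) {
    $stored = sanitize_shout($s);
    printf("%-48s => %s\n", json_encode($s), render_shout($stored));
}
```

Running it from the command line with `php` prints each constructed input next to the form that would be stored and displayed. The second recommendation, blocking direct requests to shouts.php with a .htaccess file, is web server configuration and is separate from this code.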