
So, my website uses ShoutPro. Well, today I was looking in my file manager and saw the file "hey.php" in the directory of the shoutbox. I tried opening the file via my file manager, and it made FF stop responding. What I did see of the code before it froze was milw0rm. I did some research and found that ShoutPro has a security issue, and that it can be used to remotely execute commands. I deleted all files related to it (which were only hey.php and info.txt, both of which had the same-looking code in them).

I searched milw0rm and got the following link about the ShoutPro exploit:

http://www.milw0rm.com/exploits/3758

I am pretty much a newish PHP coder, and do not know very much. Can someone put into dumb terms what this link is saying? What should I do to "sanitize" this code they are referring to?

Sorry if this is the wrong forum :-[

https://forums.phpfreaks.com/topic/196723-php-shoutbox-help/

Oh boy. I'm sorry to hear that you've been compromised.

The recommendations state that you should...

1) Add code to perform strip_tags() on $shout in shoutbox.php

2) Prevent direct access to shouts.php with a .htaccess file


By "sanitizing" the input, they mean that shoutbox.php is allowing a user to do naughty things to your computer by running specialized code through your shoutbox application. This is a rather serious threat. I would change my root password, maybe even make a chroot jail for your website. Somewhere in the shoutbox code, you need to find out where the input is taken in and you need to perform a "strip_tags" on it to remove html, script tags, etc. that could be used to execute code through your application as if it was the original intent of shoutbox.

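To make the reply's two recommendations concrete, here is an added example; it is not ShoutPro's own code and I do not have the real shoutbox.php or shouts.php in front of me, so the file layout, the $shout variable, the function names and the "write the shout into a .php file and include it" pattern are assumptions built from the two recommendations above. It shows that assumed vulnerable pattern beside a hardened version that runs strip_tags() on the shout before storing it, stores shouts as data instead of PHP source, escapes on output, and carries the .htaccess rule (as a comment) that denies direct requests for the shout file.

```php
<?php
// Added example, not ShoutPro's code. File names, $shout and the helper
// names below are assumptions; the vulnerable layout is a guess at the
// pattern the milw0rm advisory's "sanitize $shout" advice is aimed at.

// --- Assumed vulnerable pattern: the shout is written verbatim into a .php file ---
function add_shout_unsafe(string $name, string $shout, string $file = 'shouts.php'): void
{
    // A shout such as "<?php system($_GET['cmd']); ?>" is written out as PHP source ...
    file_put_contents($file, "<b>$name</b>: $shout<br />\n", FILE_APPEND | LOCK_EX);
}
// ... and executed the next time shouts.php is included by shoutbox.php or
// requested directly in the browser.  (e.g. include 'shouts.php';)

// --- Hardened version ---
function clean_shout(string $text, int $maxLen = 255): string
{
    // Recommendation 1: strip_tags() removes HTML and PHP tags (including <?php ... ?>).
    $text = strip_tags($text);
    // Also drop NUL bytes and other control characters, then cap the length
    // (mb_substr assumes the mbstring extension, which is usual on shared hosts).
    $text = preg_replace('/[\x00-\x1F\x7F]/', '', $text);
    return mb_substr(trim($text), 0, $maxLen, 'UTF-8');
}

function add_shout_safe(string $name, string $shout, string $file = 'shouts.txt'): void
{
    $name  = clean_shout($name, 30);
    $shout = clean_shout($shout);
    if ($shout === '') {
        return;
    }
    // Store each shout as one JSON object per line: data, never PHP source,
    // so nothing in it can ever be executed by include().
    $line = json_encode(['name' => $name, 'shout' => $shout, 'time' => time()],
                        JSON_UNESCAPED_UNICODE);
    file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX);
}

function render_shouts(string $file = 'shouts.txt', int $limit = 20): string
{
    if (!is_file($file)) {
        return '';
    }
    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    $html  = '';
    foreach (array_slice($lines, -$limit) as $line) {
        $row = json_decode($line, true);
        if (!is_array($row)) {
            continue;
        }
        // Escape on output too, so whatever survived strip_tags() is shown as text.
        $html .= '<b>' . htmlspecialchars($row['name'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
               . '</b>: ' . htmlspecialchars($row['shout'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
               . "<br />\n";
    }
    return $html;
}

// Form handling in shoutbox.php (assumed field names "name" and "shout").
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    add_shout_safe($_POST['name'] ?? 'anon', $_POST['shout'] ?? '');
}
echo render_shouts();

// Recommendation 2: a .htaccess in the shoutbox directory so the shout file
// cannot be requested directly over HTTP (PHP can still read it from disk).
// Apache 2.4:
//   <Files "shouts.txt">
//       Require all denied
//   </Files>
// Apache 2.2:
//   <Files "shouts.txt">
//       Order allow,deny
//       Deny from all
//   </Files>
```

Two things worth knowing when applying this to the real shoutbox: strip_tags() does remove PHP open/close tags, which is why the advisory suggests it, but it is a best-effort HTML stripper rather than a complete sanitizer, so the lasting fix is to stop writing user input into any file that PHP will later include() or execute; and the .htaccess rule only blocks HTTP requests for the file, which is exactly what you want, since include() reads from the filesystem and is unaffected.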
