Support Forums - All Posts - XOOPS Web Application System

1

Re: MyAds 2.x vulnerable!

2006/7/4 0:58
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

Some ass**** broke in to my XOOPS 2.013 and left this web address in my sql tables last night ... under config
---
http://jiqqags.ji.funpic.de/t.html
---

I have the my ads module on two applications running on my site. I quess this is how they got in. I will do this update and hope this is the hole.. thanks for the coding

2

Re: looking to pay someone to develop module

2006/7/3 14:20
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

hey.. pm me and I will send you the email and msn contact of a XOOPS developer who did some modules for my site. They did a good medical app for a registered members site for a few hundred dollars. They are from china and lack a little on the English speaking end, but they are very experienced programmers,

3

Re: MyAds 2.x vulnerable!

2006/6/29 14:08
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

Stated in the advisory is the problem and the solution.. can anyone show how to edit the source code to fix this problem.. Please..Please... I use both MyAds and JobListing.(based on MyAds) thanks

The Problem:
Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The Solution:
Edit the source code to ensure that input is properly sanitised.

4

Re: HELP!!!! My xoops site went down!!!

2006/5/26 12:35
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

That did the trick...!! Recompiled the Apache and the PHP and back in business. Thanks for your help

5

Re: HELP!!!! My xoops site went down!!!

2006/5/26 4:23
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

hey VSW.. this is the error .. have any ideas..?

/usr/bin/php: relocation error: /usr/bin/php: symbol deflateInit2_, version libmysqlclient_14 not defined in file libmysqlclient.so.14 with link time reference

6

Re: HELP!!!! My xoops site went down!!!

2006/5/26 2:41
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

Hey.. did he reboot thing.. no help, I had the server customer support try to access the admin.php, they can, I had my partner access the files and she can.. it is only from my IP group that the problem exists. I have 3 workstations on the same IP group and they all error 500 and log the Premature end of script headers message. It is in 2 urls, on the same shared domain host. One site has 2 installs of xoops, latest build.. and I get the error on both admin.php files. On the other url, I can access the admin.php for xoops, but not the admin.php for my modules/ipboard. They all have the core.dumps in the roots, only difference is that in the root directory of the XOOPS I can ACCESS, I had a ip deny htacess set to several word press hackers ip's.. and that may have protected the admin.php in that directory.. I can access it... I noticed that in the error log, one of the ip's that was blocked was fishing around in some funny places on my app. so he may have been gathering info to plug into the exploit script... anybody have any ideas... of what may have been hacked... I could sure use access to my admin files again
:O( thanks..

7

Re: Help with IPB Module

2006/5/26 2:27
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

On my setup there is a setting in the invision control panel that sets the board for the XOOPS wrap.. you can toggle it on and off. Dont know if this helps or not.

xoops 20132 invision 14 with bbpixel.com mod

8

Re: HELP!!!! My xoops site went down!!!

2006/5/25 14:10
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

hey.. I had 3 sites do the exact same thing yesterday.. the 24th.. whats up.. I put the security patch on after the problem.. but still can access the admin files.. I get a premature end of script error in the log files. It is a dedicated server.. can anyone helpppppppp

9

Re: Cannot see Xoops Control Panel

2006/3/4 6:38
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

Dont know if this will help or not but the url to your control panel is http://www.yoursite.com/admin.php

and if its blank, I enter the server cpanel, delete the cache folder, and recreate a new empty one and then re-visit the control panel url.. it rebuilds itself.

10

problems with users, attached 2.0.6 db to 2.13.2 install ?

2006/3/4 2:30
penkay
Just popping in
Posts: 10
Since: 2006/3/4 1

I had a hack on my 2.06 version running IPB 1.3 Linux, cpanel... I installed a new version from fantastico into a subdomain, changed the mainfile to point to my 2.06 database, transferred my modules, upgraded to ipb 14i, everything seemed to be working so I copied it to the root, changed the paths in my mainfile, reopened the board.

Problem I have is all my registered users are given guest access on the ipb board, and in XOOPS Registered users group, does not list all of my registered users, and I cant add any users that I "search to add" but any new users that sign up seem to be fine..
is there a dbase upgrade, or a way I can reinitialize all of my users.. I have 3200 members, and only 110 show up in the registered users group list, but if I search or mail all registered users it finds them all.. any help or any idea of where I should look ... thanks

Stats
Goal:	$15.00
Due Date:	Feb 28
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$15.00

Forum Index

Re: MyAds 2.x vulnerable!

Re: looking to pay someone to develop module

Re: MyAds 2.x vulnerable!

Re: HELP!!!! My xoops site went down!!!

Re: HELP!!!! My xoops site went down!!!

Re: HELP!!!! My xoops site went down!!!

Re: Help with IPB Module

Re: HELP!!!! My xoops site went down!!!

Re: Cannot see Xoops Control Panel

problems with users, attached 2.0.6 db to 2.13.2 install ?

Login

Search

Recent Posts

Re: Errors with tdm_download

Re: Bugs in wgTransifex

Re: Errors with tdm_download

Bugs in wgTransifex

Re: Errors with tdm_download

Errors with tdm_download

Re: TPL admin xsitemap

Re: TPL admin xsitemap

Re: TPL admin xsitemap

TPL admin xsitemap

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}