1
bnations
Re: Admin Hash exposed
  • 2007/9/9 17:54

  • bnations

  • Just popping in

  • Posts: 7

  • Since: 2007/3/30


Figured out the vulnerability:
Flashgames v1, SQL injection

http://www.milw0rm.com/exploits/3849

Also I tried to post an example but xoops.org didn't like it so now I get a white page when using my last IP (protector module I guess).
Moderators, please unblock me.



2
bnations
Re: Admin Hash exposed
  • 2007/9/3 21:23



These are the active modules I have installed:
System 1.02
Reviews 2.19
News 1.4
Flash Games 1
Shoutbox 3.2
Classifieds 3
Forum 3.05

These are the inactive modules:
Webshow 0.53
Mastop publish 1
Page wrap 1.01
Userpage 1.21
Content 0.5

I also would like to delete the Admin user; I already have another webmaster account I would like to use instead. Edit user keeps telling me I can't delete 'admin'....



3
bnations
Re: Admin Hash exposed
  • 2007/9/2 17:03



OK, I have pretty much locked down everything. Now how do I stop this from happening again? On the site where I found my hash there was a list of about 12 XOOPS sites' admin hashes, so I'm assuming there is a vulnerability in XOOPS somewhere.



4
bnations
Re: Admin Hash exposed
  • 2007/9/2 6:03



I have done the following:
Changed DB passwords, hosting account passwords, admin password, FTP password, turned the site off, but now obviously the site can't even connect to the DB for administration. So what are the critical files I need to update for the DB password so I can connect again?



5
bnations
Admin Hash exposed
  • 2007/9/2 0:34



I recently was searching for my website on Google & Yahoo and found that some Czech/Russian hacking websites are posting an MD5 hash which, from what I can translate, belongs to the admin account of my site (XOOPS 2.0.16). I have changed the password.

How did this happen? Who else has had this problem? Is there a way to stop this?

Thanks



6
bnations
HTML in Private Message
  • 2007/8/2 17:46



Does anyone know how to allow HTML or JS in the XOOPS private messaging system? I have created an automated private message that has 2 links in it, ACCEPT or DECLINE. Right now I'm using
[url//the url tags

and it's not working for me (especially in Firefox) because I need a way to open a small window, not a whole page or new tab.

Can anyone point me in the right direction?
Thanks



7
bnations
Re: how to "install" WYSIWYG editor for custom blocks?
  • 2007/3/30 22:29



It almost worked for me in XOOPS 2.0.16. Koivi shows up, but anything I submit is erased and it's like I didn't type anything. Also, for some reason I'm getting strange characters in the font selection bars like "_XK_FONT", "_XK_FONT_HEADING1". Anyone know how to get rid of that??

Thanks



