1
giba
April's Fool - kernel Xoops after version 2.0.5 is not buggy
  • 2005/4/1 0:18

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Sorry for my bad English.

Users cannot access mainfile.php in kernel version 2.0.5 or higher.

Look:
Warning - Kernel bug (urgent)


Thanks

2
m0nty
Re: Warning - kernel Xoops after version 2.0.5 is bug
  • 2005/4/1 0:46

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


I have no idea what that says, and Systran throws up an error trying to translate it.

3
giba
Re: Warning - kernel Xoops after version 2.0.5 is bug
  • 2005/4/1 1:09

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Sorry, the link was wrong.

Correct: http://www.xoops.net.br/modules/newbb/viewtopic.php?viewmode=flat&topic_id=3578&forum=16

Quote:

// Database
// Choose the database to be used
define('XOOPS_DB_TYPE', 'mysql');

// Table Prefix
// This prefix will be added to all new tables created to avoid name conflict in the database. If you are unsure, just use the default 'xoops'.
define('XOOPS_DB_PREFIX', 'xoops');

// Database Hostname
// Hostname of the database server. If you are unsure, 'localhost' works in most cases.
define('XOOPS_DB_HOST', 'localhost');

// Database Username
// Your database user account on the host
define('XOOPS_DB_USER', 'xxxx_xxxxxxx');

// Database Password
// Password for your database user account
define('XOOPS_DB_PASS', 'xxxxxxxxxxxxxx');

// Database Name
// The name of database on the host. The installer will attempt to create the database if not exist
define('XOOPS_DB_NAME', 'xoops');

4
DonXoop
Re: Warning - kernel Xoops after version 2.0.5 is bug

I still don't get it. The suggestion is that a browser can pull up the mainfile.php contents, but how, when? It certainly isn't easy as far as I can tell.

This has been brought up before as a general question but I've never seen a problem although I have seen attempts in the logs.

Or is this another Brazilian battle of wits? BTW, a common source of hack attempts in my corner of the world is from Brazil. You have your hands full down there.


5
suico
Re: Warning - kernel Xoops after version 2.0.5 is bug
  • 2005/4/1 3:39

  • suico

  • Friend of XOOPS

  • Posts: 374

  • Since: 2003/7/24


The technique he mentions was used to hack:
http://www.peak.ne.jp/xoops/

I didn't understand the technique used, but it has something to do with the mainfile.php file, which you could read if logged in to XOOPS running on servers that don't have PHP5 installed.

6
H4DES
Re: Warning - kernel Xoops after version 2.0.5 is bug
  • 2005/4/1 4:22

  • H4DES

  • Just popping in

  • Posts: 9

  • Since: 2005/1/26


This is a severe failure that allows a registered user to have access to the DB.
A lot of sites have already been hacked:

http://xoops-modules.sourceforge.jp/
http://finalsolution.sourceforge.net/xoops/uploads/ (HACKED)
http://www.xoopsbrasil.com/
http://xoopsbrasileiro.codigolivre.org.br/
http://xoops.sourceforge.jp/
http://www.xoops-themes.org/
http://www.xoops-modules.com/
http://www.xoopsfactory.net/
http://www.xoops.astra-oreol.spb.ru/
https://xoops.org.cn/

At XOOPS Brasil, all XOOPS sites are being advised to shut down access until some solution is released.

7
phppp
Re: Warning - kernel Xoops after version 2.0.5 is bug
  • 2005/4/1 4:45

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


What do you mean by "hack"?
Is https://xoops.org.cn/ "has been hacked" or "to be hacked"?

8
ackbarr
Re: Warning - kernel Xoops after version 2.0.5 is bug

Zone-H doesn't list any of the above domains as being hacked / defaced; some of them return a 403 error, others load fine.
I just tried to run the thread through babelfish, but was unable to discern much from the translation. So far I see a lot of FUD and very little real information. I'm not saying that such a bug doesn't exist, but we definitely need to know more about the problem first. The best I could extract from the translation says that it only affects sites running PHP 5.

9
Mithrandir
Re: Warning - kernel Xoops after version 2.0.5 is bug

It IS April 1st, but I think it would be very poor form if this was an April Fool's joke.

10
giba
Re: Warning - kernel Xoops after version 2.0.5 is bug
  • 2005/4/1 10:20

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Quote:

topet05 wrote:
Attention: I advise everyone who has sites running XOOPS to disable them until further notice!
An American group of hackers already knows about the flaw and they are using exploits to hack the sites automatically!! The intention in this case is to gain fame in the underground world... now it has gotten complicated....

Here are some sites that I could see have already gone offline or been hacked:

http://xoops-modules.sourceforge.jp/
http://finalsolution.sourceforge.net/xoops/uploads/ (HACKED)
http://www.xoopsbrasil.com/
http://xoopsbrasileiro.codigolivre.org.br/
http://xoops.sourceforge.jp/
http://www.xoops-themes.org/
http://www.xoops-modules.com/
http://www.xoopsfactory.net/
http://www.xoops.astra-oreol.spb.ru/
https://xoops.org.cn/ (this is XOOPS China. I talked to the people at this site; they said they are migrating to PHP5, since it would have no problem)

Be very careful, because things are heating up!

Regards, and I'm running to Mambo.

