  1. #1
    Join Date
    Jun 2005

    Uploader script and malicious codes


    I just want to inform those of you who use uploading scripts to be wary that not all hosts support mod_php in the .htaccess.

    (I'm not a programmer, so I have no fricking idea what I'm saying, I just repeat it)

    For example, I was using celerondude's uploader script and someone uploaded a file disguised as a txt file: sa.php.txt.txt and attempted to run the code, but somehow mambo must have blocked it (don't know). Since when I opened the file, it had a drop down menu showing me my folder structure and a large grey button that read, "execute code". Now since I wasn't a programmer, I didn't know what code to input, but I tried to select a folder from the drop down menu, but it brought me straight to my web site instead of changing folders.

    So, I'm hoping that the uploader couldn't change any of my files (I really don't know). Tech support was very helpful in protecting my account from future attacks by helping me configure my files to block php scripts.

    If you want to see my uploader (and help me test it) here it is:

    As you can see, the php files now show up as txt files to thwart hacking attempts.

    Now, my question is, what can a person do to my web site *if* he was able to run a php script? Is it possible that he could gain access to my mambo admin section, or can he delete stuff, or can he just view the contents of my web page, ... what is the extent of damage?
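
Added example, not part of the original post and not code from the uploader script it mentions: a server-side check for upload names such as `sa.php.txt.txt`, which end in `.txt` but carry `.php` in an earlier segment (some Apache handler configurations act on any segment of a multi-extension name, not only the last). The function names and both extension lists are assumptions made for illustration.

```php
<?php
// Added example. Both lists are assumptions; align them with the handlers
// your host actually maps and the file types your site really needs.
const SCRIPT_EXTS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar',
                     'pht', 'cgi', 'pl', 'py', 'asp', 'aspx', 'jsp', 'shtml'];
const ALLOWED_FINAL_EXTS = ['txt', 'jpg', 'png', 'gif', 'pdf', 'zip'];

/** Return a rejection reason for a client-supplied file name, or null if acceptable. */
function upload_name_problem(string $clientName): ?string
{
    // Discard any directory part the client sent; refuse empty names and control bytes.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name)) {
        return 'empty name or control characters';
    }
    // Inspect every dot-separated segment, not only the last one.
    $segments = explode('.', strtolower(rtrim($name, '. ')));
    $final = end($segments);
    if (count($segments) < 2 || !in_array($final, ALLOWED_FINAL_EXTS, true)) {
        return 'final extension not on the allow-list';
    }
    foreach (array_slice($segments, 1) as $seg) {
        if (in_array($seg, SCRIPT_EXTS, true)) {
            return "script extension '.$seg' inside the name";
        }
    }
    return null;
}

/** Name to store under: random and server-chosen, keeping only the final extension. */
function stored_name(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the one from the post.
foreach (['notes.txt', 'sa.php.txt.txt', 'photo.JPG', 'shell.phtml', '.htaccess'] as $n) {
    $why = upload_name_problem($n);
    $verdict = $why === null ? 'accept as ' . stored_name($n) : "reject: $why";
    echo str_pad($n, 18), $verdict, "\n";
}
```

A name check complements, and does not replace, keeping the upload directory configured so that nothing in it is executed as a script.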

  2. #2
    If someone managed to run a custom PHP script on your server then that person might have gotten any information from the database, deleted any file, logged in as administrator and tampered with your website as he/she likes.
    So the damage extent is pretty big.

  3. #3
    Join Date
    Apr 2005
    Canada... EH?!?

  4. #4
    Join Date
    Feb 2005
    I can't register an account so neither can I test it :\
