Some f***face tried to hack my server, though a script, a PHP Shell script, making it possible for him to execute
commands on the unix box.
The exploit is in the outputs, you can create a template called file.php, enter some php code, and then enter the
filename into the browser.
So, this kiddie (208.131.172.137, some jamaican), made a new output in the demo, called it mail.php, and pasted the
sourcecode from the PHP shell into the template.
Saved the output, and tried to enter /linkex/mail.php from the browser. Luckily there were no links assigned to this
output, so the output was empty.
Now I have updated the .htaccess file on the demo, so only the index.php file can be accessed.
If you have it installed, I don't guess you try and enter a shell script into the template :)
commands on the unix box.
The exploit is in the outputs, you can create a template called file.php, enter some php code, and then enter the
filename into the browser.
So, this kiddie (208.131.172.137, some jamaican), made a new output in the demo, called it mail.php, and pasted the
sourcecode from the PHP shell into the template.
Saved the output, and tried to enter /linkex/mail.php from the browser. Luckily there were no links assigned to this
output, so the output was empty.
Now I have updated the .htaccess file on the demo, so only the index.php file can be accessed.
If you have it installed, I don't guess you try and enter a shell script into the template :)