Critical Security Issue
This security issue exists in all 3.x versions of aeDating. It is unknown at this time if it exists in 2.x or before.
It allows a malicious user to retrieve the password for the admin panel from the database, or other information.
After they retrieve this password, they often log in to the admin panel and use the language file editor to upload a PHP shell, normally R57SHELL. Using this shell, they can perform various functions on your site, depending on your file security settings.
This has happened already to several aeDating users, some of whom suffered minimal damage, while others experienced more disruption.
This exploit has been detected in this file:
news_view.php
Even if you don't use the news function on your site, if the file news_view.php exists and is web accessible, you can be exploited.
If you don't use news - you should delete, rename, or chmod this file to deny access. Or apply the patch below:
To prevent your site from being attacked using this exploit, you should do the following:
1) Edit your news_view.php file
2) Find this line:
Code:
if ( !strlen($ID) ) $ID = 0;
3) After this line, add:
Code:
// ModMySite.Com - Close exploit that allows viewing of admin password, and other information
if ( strlen($ID) > 4) $ID = 0;
The net effect of this is that the current exploit is stopped. In addition, the number of news articles on your site is limited to 999. This should be fine for almost all aeDating installations. If you need more articles, you can increase the value of "strlen($ID) > 4" - for example, "5" would allow you to have 9999 news articles.
In addition to applying this fix, you should strongly consider .htaccess protecting your admin folder. You can do this easily through your server control panel (CPanel/Plesk/DirectAdmin). You should use a different password for .htaccess than you use for your aeDating admin panel - in effect, giving you "double security".
After you apply this fix, you should change your aeDating admin password using the aeDating admin control panel. If you know how to use phpMyAdmin, you should consider changing the admin username also.
How can you tell if you have already been exploited? This may be difficult - but one indication is the presence of files in your /langs directory other than the lang-English.php (or whatever other languages you are using) file.
Credits: This exploit was reported to ModMySite by Forplaz. He supplied me his server logs so the exploit could be discovered and fixed. Many thanks to Forplaz for his willingness to share his server logs to rectify this issue.
Smoge
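An added example, not part of the original post and not aeDating or ModMySite code: the length check from the patch above next to a stricter check that accepts only a positive whole number. The length check limits how long $ID can be but not what it contains, so a short non-numeric value such as "12ab" still passes it. The function names, the $max limit and the sample values are assumptions made for illustration; the page does not show how news_view.php reads or uses $ID.

```php
<?php
// Added example. Function names are hypothetical, sample inputs are constructed.

// The length check from the patch: anything longer than 4 characters becomes 0.
function length_only_check($id)
{
    if (strlen($id) > 4) $id = 0;
    return $id;
}

// Stricter alternative: accept only decimal digits, return an integer,
// and fall back to 0 (no article) for everything else.
function strict_news_id($raw, $max = 999999)
{
    // Arrays (e.g. ?ID[]=1) and missing values are rejected outright.
    if (!is_string($raw)) {
        return 0;
    }
    // ctype_digit() is false for '', signs, spaces, dots and letters.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return 0;
    }
    $id = (int) $raw;
    return ($id >= 1 && $id <= $max) ? $id : 0;
}

// Constructed sample inputs: valid IDs, short non-numeric values, oversized values.
$samples = array('42', '999', '12ab', '1.5', '-7', '', '123456', '1 2');

foreach ($samples as $s) {
    printf(
        "%-10s length-only=%-8s strict=%d\n",
        var_export($s, true),
        var_export(length_only_check($s), true),
        strict_news_id($s)
    );
}

// A non-string value, as PHP would produce for ?ID[]=1.
printf("%-10s strict=%d\n", 'array', strict_news_id(array('1')));
```

Because strict_news_id() always returns an integer, the value that reaches the database can no longer carry anything but digits. Where the database layer supports bound query parameters, binding the ID removes the dependency on input filtering altogether.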

