Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Hacked by aLpTurkTegin, help patching this hole

Re: Hacked by aLpTurkTegin, help patching this hole

From: Danux <danuxx_at_gmail.com>
Date: Thu, 22 May 2008 11:45:45 -0500

Hi,

Well, when using, php apps, its common to find flaws related to what
is called LFI (Local File Inclusion), there are a lot of cases in
phpmyadmin, mambo, joomla, so on, also if you have your own
applications written in php you should try to avoid this.

There are a lot of flaws related to PHP, and as i mentioned if you
have LFI bugs, its almost a fact that your site will be hacked.
Try to see in your error_log from apache if there is php code inserted
into it. its common to insert things like <?
stripslashes(passthru($cmd)) ?> to bypass magic_quotes_gpc

But, the best thing to do is to analyze your sites with some tools
like Acunetix, nikto, code review and patch all bugs founded.

Hope this helps.

On Tue, May 20, 2008 at 7:46 AM, Mifa <mifa_at_stangercorp.com> wrote:
> Our website was defaced by aLpTurkTegin. We are running apache, php ect. Does anyone know how this hacker is getting in and what I can do to prevent this?
>
> Our main web directory had all but one file deleted and hackedIndex.php, a.asp(a 0 byte file) and trustscn_put_test2 were placed into the main directory. The fact that the webserver served hackedindex.php makes me think its a apache web server flaw.
>
> Any comments, suggestions?
> Thanks, -D
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
> 

-- 
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 22 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos