Surpass Web Hosting Forums - View Single Post

**Kayla** · March 8th, 2006, 7:16 PM

If you use any of the following scripts:

FA-PHPHosting
PHPClique
PHPCalendar
PHPCurrently
PHPFanBase
PHPQuotes

Please disable them immediately or use the fix specified below. There are serious exploits going around the net right now and have been for the past few months. All of these scripts are made by http://codegrrl.com/ and have a ridiculously easy hole in them:
"

include($logout_page);
"
This allows an attacker to include whatever code they wish into the php file and run the commands.
To avoid getting your site defaced, we recommend you either remove the protection.php file asap, or edit it and remove that line above.

March 8th, 2006, 7:16 PM	#2 (permalink)
Kayla Marketing Maven Surpass Staff Joined in May 2003 Lives in Orlando 24,748 posts Gave thanks: 946 Thanked 806 times	If you use any of the following scripts: FA-PHPHosting PHPClique PHPCalendar PHPCurrently PHPFanBase PHPQuotes Please disable them immediately or use the fix specified below. There are serious exploits going around the net right now and have been for the past few months. All of these scripts are made by http://codegrrl.com/ and have a ridiculously easy hole in them: " include($logout_page); " This allows an attacker to include whatever code they wish into the php file and run the commands. To avoid getting your site defaced, we recommend you either remove the protection.php file asap, or edit it and remove that line above. __________________ Follow Surpass on Twitter and Facebook Check out the Surpass Blog