URGENT: FA-PHPHosting, PHPClique, PHPCalendar, PHPCurrently, PHPFanBase, PHPQuotes

**Kayla** · March 7th, 2006, 10:20 PM

If you use any of the following scripts:

FA-PHPHosting
PHPClique
PHPCalendar
PHPCurrently
PHPFanBase
PHPQuotes

Please disable them immediately or use the fix specified below. There are serious exploits going around the net right now and have been for the past few months. All of these scripts are made by http://codegrrl.com/ and have a ridiculously easy hole in them:
"

include($logout_page);
"
This allows an attacker to include whatever code they wish into the php file and run the commands.
To avoid getting your site defaced, we recommend you either remove the protection.php file asap, or edit it and remove that line above.

March 7th, 2006, 10:20 PM	#1 (permalink)
Kayla Marketing Maven Surpass Staff Joined in May 2003 Lives in Orlando 24,749 posts Gave thanks: 946 Thanked 806 times	URGENT: FA-PHPHosting, PHPClique, PHPCalendar, PHPCurrently, PHPFanBase, PHPQuotes If you use any of the following scripts: FA-PHPHosting PHPClique PHPCalendar PHPCurrently PHPFanBase PHPQuotes Please disable them immediately or use the fix specified below. There are serious exploits going around the net right now and have been for the past few months. All of these scripts are made by http://codegrrl.com/ and have a ridiculously easy hole in them: " include($logout_page); " This allows an attacker to include whatever code they wish into the php file and run the commands. To avoid getting your site defaced, we recommend you either remove the protection.php file asap, or edit it and remove that line above. __________________ Follow Surpass on Twitter and Facebook Check out the Surpass Blog

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)