IndexScript Forum  

  #11  
Old 07-26-2007, 08:44 PM
rankappeal rankappeal is offline
Junior Member
 
Join Date: Apr 2007
Posts: 20
Default

Hi gkd_uk

The fix would not work before, maybe due to me making changes to the original file to include an image. But I have managed to fix the fix so that I can have my image again without losing all subcats as stated in first post.
Reply With Quote
  #12  
Old 07-26-2007, 10:03 PM
patataur patataur is offline
Junior Member
 
Join Date: Apr 2007
Location: europe
Posts: 12
Default

thanks hakon
Reply With Quote
  #13  
Old 07-26-2007, 10:36 PM
colbyt colbyt is offline
Senior Member
 
Join Date: Sep 2006
Posts: 189
Default

Quote:
Originally Posted by Raven View Post
Mine was hacked too....over 2000 urls gone, and 100+ categories..gone.

--<Hacked by y0n4s >--

Is what it says in the title header

And I couldn't log in.

Thanks for this fix Hakon

Unless the hacker spent a lot of time manually deleting stuff, most likely the data is still there. Don't panic yet.

Try reinstalling the cats table only from backup and see if the data is still there.

Make a backup of the corrupt DB before you start, just in case.

Of course they could have done anything the admin could do from the admin panel. Just depends on how much time they wanted to spend doing it.
__________________
Colbyt
Reply With Quote
  #14  
Old 07-26-2007, 11:04 PM
Raven Raven is offline
Moderator
 
Join Date: Jan 2007
Location: Oregon, USA
Posts: 155
Default

heh no they were gone. I re-inserted some of the cats from my test site and there were no errors saying that the cats already existed. I even looked at the dir_cat table first to see if they were still there or been deleted.

The only thing else they did in the admin panel was change the meta title, meta description and set the 'Stop accepting URLS' to 'Yes'...and that's it, I think I got lucky.
Reply With Quote
  #15  
Old 07-26-2007, 11:38 PM
_JB_ _JB_ is offline
Moderator
 
Join Date: Sep 2006
Posts: 126
Default

Hi all, well my sites were hacked again overnight. I've now applied the patch, cheers Hakon, hope it works OK.

This time the hacker did delete data as Raven experienced, they deleted dir_cat and more worryingly dir_url.

Anyway I'm keeping my fingers crossed this time (plus backups have been taken)

JB
Reply With Quote
  #16  
Old 07-27-2007, 01:39 AM
rankappeal rankappeal is offline
Junior Member
 
Join Date: Apr 2007
Posts: 20
Default

I have noticed that quite a few indexscript web directories still have not been unhacked... Mostly the problem seems to be that cat names have only been changed, which is what happened to mine on Wednesday. This is easily fixed: just rename your categories, upload the new utils.php file and change your passwords.... The second and worst is what happened to my site on Thursday: they renamed my categories and other editable areas, ie: meta tags, with a redirect command taking me to that f**ing duck page, in which case you need to download a backup of your database and manually remove all the redirect commands, then start a fresh database... just a little bit more technical.. keep original copy at all times just in case.... when you are back up and running get back into admin and replace that what was corrupted..... LET THIS BE A STARK REMINDER TO BACKUP ON A REGULAR BASIS!! If anyone is in need of help with SQL backup files just IM me
Also my payment module settings were changed

Last edited by rankappeal : 07-27-2007 at 01:45 AM.
Reply With Quote
  #17  
Old 07-27-2007, 05:49 AM
hakon hakon is offline
Administrator
 
Join Date: Jan 2006
Posts: 1,682
Default

thanks guys... there were 2 problems:

1. first was that the utils.php file had a function that is supposed to prepare sql statements to avoid injection. however, there was a small hole in there which i tightened.

2. second was that although i had used that function in all the php files, i forgot to use that function in the other functions in the utils.php file itself.

bad coding on my part - sorry guys...

my site was hacked too... but they only changed category names... and was easy to recover. from what you guys posted, it seems that they deleted data in some of your directories...
Reply With Quote
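The second problem in the post above (helper functions that build SQL without going through the sanitizing function) is the kind of gap a quick source audit can surface. This is an added example, not IndexScript code: the sanitizer name `prepare_sql`, the sample PHP functions and the column names are constructed assumptions; only the table names dir_cat and dir_url come from the thread. It is a regex heuristic, not a PHP parser.

```python
import re

SANITIZER = "prepare_sql"  # hypothetical name; the thread never names the function

# Constructed sample standing in for helper functions in a utils.php-style file.
SAMPLE_PHP = r'''<?php
function get_cat_name($id) {
    $id = prepare_sql($id);
    return mysql_query("SELECT name FROM dir_cat WHERE id = '$id'");
}
function count_urls($cat) {
    $sql = "SELECT COUNT(*) FROM dir_url WHERE cat = '$cat'";
    return mysql_query($sql);
}
function rename_cat($id, $name) {
    $name = prepare_sql($name);
    return mysql_query("UPDATE dir_cat SET name = '$name' WHERE id = " . $id);
}
'''

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")
SQL_RE = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.I)
VAR_RE = re.compile(r"\$(\w+)")

def function_bodies(src):
    """Yield (name, body) for each PHP function, found by simple brace counting."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def unsanitized_sql_vars(src, sanitizer=SANITIZER):
    """Map function name -> variables used in SQL text that never pass the sanitizer."""
    findings = {}
    for name, body in function_bodies(src):
        # Variables reassigned from the sanitizer anywhere in this function.
        cleaned = set(re.findall(r"\$(\w+)\s*=\s*" + re.escape(sanitizer) + r"\s*\(", body))
        bad = []
        for stmt in body.split(";"):
            if not SQL_RE.search(stmt):
                continue
            stmt = re.sub(r"^\s*\$\w+\s*\.?=", "", stmt)  # drop the assignment target
            inline = set(re.findall(re.escape(sanitizer) + r"\s*\(\s*\$(\w+)", stmt))
            for var in VAR_RE.findall(stmt):
                if var not in cleaned and var not in inline and var not in bad:
                    bad.append(var)
        if bad:
            findings[name] = bad
    return findings
```

Each flagged function is a place to review by hand; moving those queries to parameterized statements removes the dependence on remembering the sanitizer call at all.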
  #18  
Old 07-27-2007, 10:05 AM
gkd_uk gkd_uk is offline
Moderator
 
Join Date: Mar 2007
Posts: 274
Default

Thanks for the fix Hakon

and thanks Colbyt for checking my site after I had applied the fix - thanks

Reply With Quote
  #19  
Old 07-27-2007, 10:37 AM
techpro techpro is offline
Member
 
Join Date: May 2007
Location: Cumbria UK
Posts: 72
Default

Yes, thanks for the fix. And timely perhaps to give a plug for my cPanel backup utility.

Hakon, if you want a copy, drop me a note and you can have a free reg code. I'm sure you back up already but the tool just makes it easier.
__________________
Julian Moss
Tech Directory - Ham Directory - Site Backup for cPanel

Last edited by techpro : 07-27-2007 at 10:39 AM.
Reply With Quote
  #20  
Old 07-27-2007, 10:39 AM
hakon hakon is offline
Administrator
 
Join Date: Jan 2006
Posts: 1,682
Default

colbyt has been a great help in identifying the problem... thanks!
Reply With Quote
All times are GMT.