indexscript sql injection hole fix

[Smotmaheegan]

Look in the <META KEYWORD> or <META DESCRIPTION> field in your database. The plankton that do this sort of thing generally aren't very bright (even as far as plankton go!) They usually simply run a scipt that embeds a META REFRESH in one of these fields permitted to hold data that is (poorly sanitised and) used as raw HTML.

[Smotmaheegan]

One more thing. You might be able to evade this sort of outcome if you choose non-standard db prefixes. As mentioned earlier the pond life that do this are not that bright and usually do not consider non-standard prefixes when composing their scripts.

[st1905]

Thanks to hakon. The stupid morons searching for this allintext: "This site is powered by IndexScript" in google so i decided to do something different for them when they search and come via this referrer to my directory there will be a trojan waiting for them. My site was not patched and was not hacked but every single day i receive this referrers allintext: "This site is powered by IndexScript". I do have my backups and now applied the fix, lets hope morons die very soon.

I really dont know why milworm publishes these things to public? If they find a bug why they dont report it to the author only inspite of giving it to some stupid %0 brain morons (Aka lamers, script kiddies) ?

Thanks to creater of this beautiful script i`ll use it no matter how many idiots around my directory.

[imteaz]

ok i have done all manual code as you said.
but umm can you help me to fix it? please



just to let you know i got hacked 5 days ago. and i noticed it today.
im using index script version 2.4
please help....

[techpro]

Quote:

Originally Posted by st1905

i decided to do something different for them when they search and come via this referrer to my directory there will be a trojan waiting for them.

I understand your feelings entirely. I just looked at my weblogs and there are dozens of the b*st*rds. But not everyone searching for this string will necessarily be a hacker. (Actually w*nker might be a more appropriate description, since 99.9% of them will be thinking they are so smart copying the instructions someone else has worked out.) Someone might simply be trying to find how many IndexScript sites there are, or something like th*t.

[st1905]

Quote:

Originally Posted by techpro

I understand your feelings entirely. I just looked at my weblogs and there are dozens of the b*st*rds. But not everyone searching for this string will necessarily be a hacker. (Actually w*nker might be a more appropriate description, since 99.9% of them will be thinking they are so smart copying the instructions someone else has worked out.) Someone might simply be trying to find how many IndexScript sites there are, or something like th*t.

Most terrible thing is when they search for that string in google my website pops in the first page.(I mean if they search from my location of country)

Thats why i feel really angry for those stupid, no-life people.

[techpro]

Yep. The security nerds say there is no such thing as security by obscurity but these copyright strings just make it easy for hackers and spammers to find sites to attack. Too late to prevent the current problem but perhaps some slight change in the wording might help prevent any future attacks. Or of course one could purchase the right to remove it altogether.

I had a SMF Forum once which was plagued by spam and I had a long and hopeless argument with the developers who would not permit the changing of the copyright credit wording by one single byte nor replacing it with a GIF that looked exactly the same but could not be searched for as text.

[hakon]

well, that i'd say is that no script is truly secure... so backup often.