Dragonfly CMS v9 ⇒ Modules & Blocks :: Archives ⇒ Hack on my Site :: Archived ⇒ Community Forums ⇒ CPG Dragonfly™ CMS

Archived ⇒ Hack on my Site


It was a redirect on my site from webalbania.com to vlora.it

The system has registered this..

On /index.php
While executing query "INSERT INTO cms_msanalysis_online ( time, uname, agent, ip_addr, host, domain, modulename, scr_res, referral, ref_query ) values ( '2006-01-31 18:07:02', 'Guest', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Sgrunt|V109|17|S191239928|dial; EnergyPlugIn; dial; XBE|29|S04037620801143; (R1 1.5); snprtz|S04045866603162)', '192.168.203.11', '192.168.203.11', '11', '', '1024x768x24', 'www.webalbania.com', 'name=Your_Account&profile=roni">alert('foo')' )"

the following error occured: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'foo')' )' at line 1

In: /home/httpd/vhosts/webalbania.com/httpdocs/modules/DF_MSAnalysis/mstrack.php on line: 101

Guest information:
User id: 1
Username: Anonymous
Admin: No
IP: 80.105.110.114
Host: host114-110.pool80105.interbusiness.it


This was the first record, and the second:
On /index.php
While executing query "INSERT INTO cms_msanalysis_online ( time, uname, agent, ip_addr, host, domain, modulename, scr_res, referral, ref_query ) values ( '2006-01-31 18:18:20', 'Guest', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Sgrunt|V109|17|S191239928|dial; EnergyPlugIn; dial; XBE|29|S04037620801143; (R1 1.5); snprtz|S04045866603162)', '192.168.203.11', '192.168.203.11', '11', '', '1024x768x24', 'www.webalbania.com', 'name=Your_Account&profile=anyone">alert('vlora.it_siti_me_i_me_mire')' )"

the following error occured: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'vlora.it_siti_me_i_me_mire')' )' at line 1



On /index.php
While executing query "INSERT INTO cms_msanalysis_online ( time, uname, agent, ip_addr, host, domain, modulename, scr_res, referral, ref_query ) values ( '2006-01-31 18:20:51', 'Guest', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Sgrunt|V109|17|S191239928|dial; EnergyPlugIn; dial; XBE|29|S04037620801143; (R1 1.5); snprtz|S04045866603162)', '192.168.203.11', '192.168.203.11', '11', '', '1024x768x24', 'www.webalbania.com', 'name=Your_Account&profile=anyone">location='http://www.vlora.it/';' )"

the following error occured: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.vlora.it/';' )' at line 1


So when I try to open my web site, the address goes to vlora.it

Now it is OK, but can they do it again next time???

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


I'm having a hard time understanding how this is a hack. I am concerned as I maintain DF MSAnalysis and if there is an exploit, I want to know and fix it ASAP.

The error is coming from the double quote after &profile=anyone. That is ending the INSERT query.

- MusOX

../musox.com
Hosted by: Site5.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.39 / 4.1.22 / 4.4.7 / 9.2.1


There are 2 exploits here:

SQL: the data inserted into the query is not escape_string()ed

XSS: someone links to index.php?name=Your_Account&profile=roni">alert('foo') and tries if that opens up a security exploit.

example: dragonflycms.org/index...ofile=roni">test but as you see it fails here.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


As long as the issue is not with DFMSA, then I'm happy that we use Dragonfly. Very Happy

- MusOX

../musox.com
Hosted by: Site5.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.39 / 4.1.22 / 4.4.7 / 9.2.1


Today they have done the same thing....

Help me

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


albanialove wrote
Today they have done the same thing....


Get rid of MSA

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


I have gotten rid of MSA, but it's the same...

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


1. I'm a visitor and don't see your XSS vulnerable block
2. server specs ?
3. browser ?
4. which non-certified add-ons are installed ?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


I'm on a Linux server.
Database: MySQL
Browser: for the moment, Internet Explorer

All users have the same problem.... It is really a redirect on this site.

Today I spoke with the director of the host where I am, and he has seen the same thing.. redirect.

The redirect is made on all the files included in the MySQL database, so on all of Dragonfly

The "Hacker" has been doing a redirect all day...

Every 30 min he does a redirect for 3-5 min.

Probably broadcast?

So we want to know if it is a server problem or Dragonfly?

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


Dragonfly version ?
User info block version ?
Other block that shows "Who is where" ?

Cos I've tested and the exploit he uses does not work on stock items.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


They are all the newest versions, Dragonfly 9.0.6.1

On January 24, 2006 I updated the site because I changed server, so this is where I am

dragonflycms.org/Forum...14628.html

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


If you try in a few moments you can see the redirect...

www.webalbania.com

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


Look at this on my HTML page:

These are the users online:

2: <a href="index.php?name=Your_Account&profile=KLEOPATRA">KLEOPATRA</a> > <a href="/">Faqa kryesore</a><br />
3: <a href="index.php?name=Your_Account&profile=milano">milano</a> > <a href="/">Faqa kryesore</a><br />
<img src="images/blocks/visitors.gif" alt="" /> <span class="content"><b>Vizitor(ë):</b></span><br />1: <a href="/index.php"> Faqa kryesore</a><br />
2: <a href="/index.php?name=Your_Account&profile=anyone"><script>location='http://www.vlora.it/';</script>"> Your Account</a><br />3: <a href="/index.php?name=coppermine&file=displayimage&meta=lastcom&cat=0&pos=7"> Albumet Fotografike</a><br />
</td>

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2


Ok i've figured it out.

My Firefox encodes the URL: "> becomes %22%3E, but IE and others don't encode it.
Due to this I thought we already covered the issue, but it seems we didn't.

Get this fix dragonflycms.org/cvs/h...?v=9.24#85

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
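
The two problems named in this thread, the tracking INSERT built from the unescaped request URI and the "who is where" link that echoes it into an href, shown next to output-side hardening. This is an added example, not Dragonfly or DF_MSAnalysis code: it assumes PHP with the pdo_sqlite extension, uses a reduced hypothetical table `online`, and all function names are invented for illustration.

```php
<?php
// Added example; not Dragonfly or DF_MSAnalysis code. Names are hypothetical.

// Request URI as a non-encoding browser sends it (copied from the block HTML
// quoted in this thread).
$uri = "/index.php?name=Your_Account&profile=anyone\"><script>location='http://www.vlora.it/';</script>";

// Vulnerable pattern: the raw URI is concatenated into SQL and into HTML.
function track_unsafe_sql($uri) {
    // The single quote inside the URI ends the SQL string literal early,
    // which is the syntax error the site logged.
    return "INSERT INTO online (uname, ref_query) VALUES ('Guest', '" . $uri . "')";
}
function link_unsafe($uri, $title) {
    // The double quote closes href, so the rest of the URI becomes markup.
    return '<a href="' . $uri . '"> ' . $title . '</a>';
}

// Hardened pattern: bound parameters for storage, escaping at output time.
function track_safe(PDO $db, $uri) {
    $stmt = $db->prepare('INSERT INTO online (uname, ref_query) VALUES (?, ?)');
    $stmt->execute(array('Guest', $uri));
}
function link_safe($uri, $title) {
    // ENT_QUOTES converts both quote styles, so the value stays inside href.
    return '<a href="' . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') . '"> '
         . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</a>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE online (uname TEXT, ref_query TEXT)');

echo track_unsafe_sql($uri), "\n";      // malformed statement, shown only

track_safe($db, $uri);                  // stored byte for byte, no SQL error
$stored = $db->query('SELECT ref_query FROM online')->fetchColumn();
var_dump($stored === $uri);

echo link_unsafe($stored, 'Your Account'), "\n";  // script tag reaches the page
echo link_safe($stored, 'Your Account'), "\n";    // rendered as inert text
```

Escaping where the value is written into HTML protects the block even when a value reaches the database without passing through get_uri().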


I have copied only this:
<?php
function get_uri()
{
    if (ereg('IIS', $_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['SCRIPT_NAME'])) {
        $REQUEST_URI = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $REQUEST_URI .= '?'.$_SERVER['QUERY_STRING'];
        }
    } else {
        $REQUEST_URI = $_SERVER['REQUEST_URI'];
    }
    # firefox encodes url by default but others don't
    $REQUEST_URI = urldecode($REQUEST_URI);
    # encode the url " %22 and <> %3C%3E
    $REQUEST_URI = str_replace('"', '%22', $REQUEST_URI);
    $REQUEST_URI = preg_replace('#([\x3C\x3E])#e', '"%".bin2hex(\'\\1\')', $REQUEST_URI);
    $REQUEST_URI = substr($REQUEST_URI, 0, strlen($REQUEST_URI)-strlen(stristr($REQUEST_URI, '&CMSSESSID')));
    return $REQUEST_URI;
}

Thanks DjMaze, you are the best on here.

Roni

webalbania.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2
