 I got this via email, why is there a url for dream holiday?
Total impact: 6 Affected tags: xss, csrf, id Variable: REQUEST.sIncPath | Value: http://www.atdreamholiday.com//smf/Themes/fx1.txt? Impact: 3 | Tags: xss, csrf, id Description: Detects common comment types | Tags: xss, csrf, id | ID: 35 |
Because the owners of atdreamholiday.com don't know how to secure their server and someone has placed a "shell" there. Hackers always put their tools on someone elses server to help avoid getting caught. So that directory (smf/Themes) was set to 777 and they were able to place their file there.
Now step 2 is to use that file to get access to your server. They are trying to use url_include and the sIncPath varible to put it on your server. BUT Dolphin's new security caught it and stopped it (I hope). My question is if I upgrade to 7.0 am I going to get those emails constantly? People try this all day long so hopefully you can turn the notifcation off. |
