SQL injection in the banner.php code?

elta68 · 21.02.2005, 22:19

I have since 4 days, SEF404 installed, that is why while looking at the 404 logs I found 2 unusual url try:

/Mambo//banners.php?op=click&bid=100%20UNION%20select%20pa ssword%20from%20mos_users%20where%201=1%20

It seems someone is trying to inject some sql...is it a known vulnerability, or only a fool?

beside that, a lot of pirate are using google to locate mambo site (I see the request and referer in webanalyser): trying to access my admin panel for example.

I also get some spams in com_akobook (it is a robots always trying to post some publicity for pills)

do someone notice the same in his site????

MrSleep · 28.02.2005, 08:43

You are under attacking!

Dont worry, banners.php not vulnerability to exploit by sql inj. But take care your site. G'luck!

elta68 · 28.02.2005, 09:44

what do security guy recommend? reduce surface of attack and unpublish as many modules and component as required? watch logs? Backup is done. cedric

MrSleep · 28.02.2005, 10:38

No more,
1. chmod configuration.php to 644.
2. Do not use database password same like ftp password.
3. Administrator directory requires a password to access via the web (by htaccess).
4. Do not chmod folder to 777 if no need (To prevent upload trojans, backdoor).
5. Upgrade your server and your mambo to lates version.
6. And backup your database daily.

G'luck,
MS