Tweet
Site Exploited
Okay, here is what I know right now and am learning more as I go.
I run 3.7.2
They uploaded a malicious file google.js which was sending people to a russian site.
Then they uploaded two different files directly into the customavatar folder
./customavatars/adm.php
One of those was a program called adminer 2.3.1
Screen shot:
They also uploaded another file that I'm not sure what it does...
it was ./customavatars/setting.php
This one only has a password.
I have removed all files but would like help in knowing where the vulnerabilities are!! I have removed the ability for people to upload custom avatars for the time being because I assume that is how this happened.
Thoughts?
I run 3.7.2
They uploaded a malicious file google.js which was sending people to a russian site.
Then they uploaded two different files directly into the customavatar folder
./customavatars/adm.php
One of those was a program called adminer 2.3.1
Screen shot:
They also uploaded another file that I'm not sure what it does...
it was ./customavatars/setting.php
This one only has a password.
I have removed all files but would like help in knowing where the vulnerabilities are!! I have removed the ability for people to upload custom avatars for the time being because I assume that is how this happened.
Thoughts?
Comment