On Wed, Jan 30, 2013 at 5:08 PM, Michael Petch <mpe...@capp-sysware.com> wrote:
> On 2013-01-30 08:41, Øystein Schønning-Johansen wrote:
> > Something like that. I've cleaned out the shit, and I think it works
> > agian, but I guess the PHP injection hole is still there. I can check
> > the access logs and the other logs I got. The attack was performed
> > yesterday.
> > Thnaks to Louis for reorting this in the first place.
> (Good spelling, Øystein!)
> >
>
> I noticed that the board images that are on the right hand side of the
> www.gnubg.org main page don't appear properly. I also observed for the
> last few minutes that if you paste this command into the browser you get
> redirected to that fantasy site:
>
> http://www.gnubg.org/phpThumb/phpThumb.php?src=/shots/gnubg_win.png&w=140
>
> While I was writing this email it seems to have been corrected, but it
> has me wondering if phpthumb was the point of attack, as mentioned here:
>
> http://forums.modx.com/index.php/topic,55314.0.html
>

I think you're spot on! I'll see if I can close these vulnerabilities later this week. Maybe time to update nucleus as well...

-Øystein
_______________________________________________
Bug-gnubg mailing list
Bug-gnubg@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-gnubg