Please Check!!

**dePaulus** · 02-12-2008, 01:07 PM

Hi.
Don't really know where to post this, but about 4 days ago I started getting a wave of traffic, and they all used the folowing google querie..

" inurl:top_rated.php + indexu "

Now I know this ( dork) usually means that somewhere a vunerability issue has been posted on the boards, and the kiddies are using the "dork" to find the script, in this case IndexU..

I have had a handful of people register "porn sites" and "pharma's" as far as I can see no damage done, i deleted the accounts.. some also came from here..
http://www.abnobis.com/webmaster/admin_login.php

I don't know much about this, but hopefully someone can look into this, and see what the deal is??

Thanks

de P

**FSGDAG** · 02-12-2008, 03:28 PM

Doing a Google search of this turns up that there was a vulnerability in version 5.0 and 5.1. If your using the latest version, I dont think this will be an issue for you.

Maybe people are still looking for old versions of the script out there.

**Bruceper** · 02-12-2008, 03:33 PM

inurl:top_rated.php <-searches for any file "in" the URL, which means *.*/top_rated.php

+ <- pretty obvious

indexu <- must contain the word "indexu" ie "powered by indexu"

This is a WAY old exploit for version 5.00 and 5.01

See http://securitytracker.com/alerts/2006/Apr/1015891.html

**Bruceper** · 02-12-2008, 03:34 PM

As a followup, please note that FSGDAG is incorrect in his version, 5.1 was NOT vulnerable, 5.01 is.

Also note that this is still a popular exploit because the loser warez kiddies still keep using 5.01 because they're too cheap to pay for it and too dumb to patch it.

**dePaulus** · 02-12-2008, 04:11 PM

Thank you for clearing this, I feel alot better now that it is an old exploit,
Stange that it suddenly popped up again, the article must have been re-published again.. Romania, going buy the traffic I'm getting..

Thanks Again for clearing it up.

de P.

**FSGDAG** · 02-12-2008, 06:37 PM

Originally Posted by Bruceper

As a followup, please note that FSGDAG is incorrect in his version, 5.1 was NOT vulnerable, 5.01 is.

I must have missed the "0" when I was typing it out.

**Bruceper** · 02-12-2008, 09:09 PM

Not a problem, I just didn't want people to see the thread and panic

Thread: Please Check!!

Thread Tools

Display

Please Check!!

Similar Threads

Check out this one out!

Please check this....

Fixed: admin check cat-structure check

Admin check category structure should check all !!

Check of the URL

Posting Permissions