Today i was checking my directories and found one of our directory powered by site sift listings was hacked, when contacted the host they said.. "The hack seems to have come via the software used in the domain" Script is vulnerable to SQL injections. i restored it, but again it was hacked after few hours Temporarily i have taken down the site no response at ssld forum: forum.site-sift.com/thread3262.html Any one knows how to deal with it?
Same here mine is also hacked. http://www.frsirt.com/english/advisories/2008/1120 ... I see the threat being made public.
Sorry to hear that, unfortunately it looks like hundreds of you are going to be affected. I can sympathise, ive been a victim before, not of this script.
This vulnerable has been posted/made public on hundreds of security sites, google already shows 2000 results for "Site Sift Listings SQL Injection" keyword I guess most of the directories using this script will be affected
Yeah the news spreads fast unfortunately, as we type they will be trashing another directory on the script.
Please see the post here http://forum.site-sift.com/showthread.php?t=3262 I explain how to make a simple fix to the problem so that the exploit can't get at your admin username/pswd. Hope this helps, Phil
I have the code for the hack, I don't think I am allowed to post here, but mabye someone with more php knowledge would be able to patch it for people until the developers do something.
Don't post the code or anything related here, it could create copycats. Pass it on to the owners of that script, its their responsibility and I'm sure they'll try to fix it. I Hope every victim recovers, and as others have said, BACK UP.
that script very simple and easy to use i like that script... but i afraid my directory will be hack so i change it to another directory script... i hope they will give a good support after this