Site Sift Listings Directories Hacked

Today i was checking my directories and found one of our directory powered by site sift listings was hacked, when contacted the host they said.. "The hack seems to have come via the software used in the domain" Script is vulnerable to SQL injections.

i restored it, but again it was hacked after few hours Temporarily i have taken down the site

no response at ssld forum: forum.site-sift.com/thread3262.html

Any one knows how to deal with it?

 

I just noticed that I have a similar problem with my legal directory.

 

Same here mine is also hacked. http://www.frsirt.com/english/advisories/2008/1120 ... I see the threat being made public.

 

Sorry to hear that, unfortunately it looks like hundreds of you are going to be affected.

I can sympathise, ive been a victim before, not of this script.

 

This vulnerable has been posted/made public on hundreds of security sites, google already shows 2000 results for "Site Sift Listings SQL Injection" keyword

I guess most of the directories using this script will be affected

 

Yeah the news spreads fast unfortunately, as we type they will be trashing another directory on the script.

 

Need to backup data and wait for the fix now. It is really sad to see hackers after this script.

 

SSL directory hacked~!!!

http://www.worldforumdirectory.com

 

Please see the post here http://forum.site-sift.com/showthread.php?t=3262 I explain how to make a simple fix to the problem so that the exploit can't get at your admin username/pswd.

Hope this helps,
Phil

 

Phil
Thanks very much for this, I've used it - hope it works!
Cheers

 

at least he said sorry

from worldforumsdirectory

Hacked By ALQAWAFI



Hack

ALQAWAFI



Sorry To Admin

 

Thanks for the heads up on this .

 

I have the code for the hack, I don't think I am allowed to post here, but mabye someone with more php knowledge would be able to patch it for people until the developers do something.

 

Don't post the code or anything related here, it could create copycats. Pass it on to the owners of that script, its their responsibility and I'm sure they'll try to fix it.

I Hope every victim recovers, and as others have said, BACK UP.

 

Yeah I wont, I didn't think about passing it on thought but I will now.

 

that script very simple and easy to use i like that script... but i afraid my directory will be hack so i change it to another directory script...

i hope they will give a good support after this

 

Come along to phplynx if you want, we'll be happy to help.

 

my site - sift script directory was hacked too. what is wrong?

 

i fixed the prob via the thread: http://forum.site-sift.com/thread3262.html