My site: http://www.koolkidz.co.uk has been hacked. I have no idea where the vulnerability came from but it's AvArcade v3 if that's any help. Please help, I have no idea what to do!
First thing is to not take it personally, because you're not the only AVArcade site to get hacked in the last couple of days. There seem to be 100s of AVArcade sites that have been hacked, including one of mine. The people on Zone-H have hacked over 1,000 sites in the last 2 days http://www.zone-h.org/index.php?option=com_attacks&Itemid=45 Don't click on any of the sites that have been hacked though, as there are some that have been planted with trojans. You will probably not be able to log in to your admin, as it is likely your password has been changed, so you will have to sign up for a new account and use phpmyadmin to give your new account admin rights. Log in to admin and put your site back to where it was, then use phpmyadmin to remove admin rights, or you could try what I did, and password protect my admin folder with a ridiculously long password. There will probably be more info about this vulnerability later?
Hi there, Everyone should download this file: avscripts.net/avarcade/securityfix.zip And then upload it to your main AV Arcade directory. I hope this plugs the exploit. Please tell me if you use this new file and still get hacked. Andy
The fix is out now: http://avscripts.net/downloads/index.php?action=showcatfiles&cat_id=2&cat_name=AV Arcade Make sure in the admin you are using version 3.1.4, it is not the only secure version of AVA, so everyone must update. It only modifies admin files so no worries about losing site content. Andy
Updates mean nothing if you don't understand what caused the insecurity. Firstly, this script was flawed because of the way cookies were issued. Gaining administrative access was easy because the cookies can be manipulated in values. The PHP script that "validates" the cookie value only checks the ID, and not the legit authentication/authorization. I've also audited the source code and it appears that a remote buffer overflow exploit can be executed. Yet another exploit I found was through its SQL database. You are able to SQL Inject commands that allow you to dump the ID (login information) from the form at view_page.php. I would suggest developing your own custom script or PM me for a sample security assessment. It costs nothing and it's able to tell you whether the web applications on your server are stable/secure or vulnerable.
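The cookie weakness described in the post above (an ID taken from the cookie and trusted as-is), next to a tamper-evident alternative. This is an added example, not part of any post in this thread and not AV Arcade's code; the cookie name `ava_id`, the token layout, the key constant and all function names are assumptions made for illustration.

```php
<?php
// Added example. Cookie name, token layout and key handling are assumptions,
// not taken from AV Arcade. Load the real key from configuration, not source.
const COOKIE_KEY = 'constructed-demo-key-replace-with-random-secret';

// Flawed pattern: whatever ID the cookie carries is accepted as the identity.
function admin_id_unsigned(array $cookies): ?int {
    return isset($cookies['ava_id']) ? (int)$cookies['ava_id'] : null;
}

// Issue "id|expiry|mac", where mac = HMAC-SHA256(key, "id|expiry").
function issue_token(int $userId, int $now, int $ttl = 3600): string {
    $payload = $userId . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the user ID only if the MAC matches and the token has not expired.
function verify_token(string $token, int $now): ?int {
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$id, $exp, $mac] = $parts;
    if (!ctype_digit($id) || !ctype_digit($exp)) {
        return null;
    }
    $expected = hash_hmac('sha256', "$id|$exp", COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    return ((int)$exp >= $now) ? (int)$id : null;
}

$now    = time();
$token  = issue_token(42, $now);
$edited = preg_replace('/^42\|/', '1|', $token); // ID changed, MAC left as issued

var_dump(admin_id_unsigned(['ava_id' => '1'])); // unsigned check: ID taken at face value
var_dump(verify_token($token, $now));           // untouched token
var_dump(verify_token($edited, $now));          // edited ID no longer matches the MAC
var_dump(verify_token($token, $now + 7200));    // same token after its expiry
```

The verified ID only establishes who the user is; whether that account is an admin should still be looked up server-side on each request.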
I know many here already gave you the cure but it's usually very useful to get in contact with your hosting company with something like this. One of my old sites on a PhpBB3 board had an exploit. Guy got in, had ACP and FTP access... luckily I had my host put my site offline just long enough for me to find the fix then put it into effect before the hacker could do much damage.
Well, you looked through the source code apparently and found a sql injection vulnerability in view_page.php. Now are you totally sure you downloaded the script, and found that vulnerability? Show me then, in that file, where the vulnerability lies.
Exploit: /index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1 Example: http://www.yourgame.org/index.php?t...1,username,password FROM ava_users WHERE id=1 ^ Remote SQL Injection. Don't sit around here and doubt me. I highly suggest you do your work before you run your mouth. This is a forum, and as a community, we're here to establish help. If you feel like attacking people personally, go elsewhere.
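How the `id` string quoted in the post above is handled by a concatenated query versus a validated, bound parameter. This is an added example, not part of any post in this thread and not AV Arcade's code; it assumes PHP with the `pdo_sqlite` extension, and the `ava_pages` table, its columns, the sample rows and the function names are constructed for illustration.

```php
<?php
// Added example with a constructed in-memory schema; not AV Arcade's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ava_pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec('CREATE TABLE ava_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO ava_pages VALUES (1, 'About', 'About this arcade')");
$db->exec("INSERT INTO ava_users VALUES (1, 'admin', 'constructed-hash')");

// Pattern the quoted string depends on: the id is pasted into the SQL text,
// so anything after the number is parsed as SQL.
function view_page_concat(PDO $db, string $id): array {
    $sql = "SELECT id, title, body FROM ava_pages WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened: accept only a positive integer, then bind it as a parameter so
// the value can never become part of the statement text.
function view_page_bound(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return []; // rejected before any query runs
    }
    $stmt = $db->prepare('SELECT id, title, body FROM ava_pages WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// The id value exactly as quoted in the post, URL-decoded.
$quoted = urldecode('-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1');

print_r(view_page_concat($db, $quoted)); // concatenated: the UNION runs as SQL
print_r(view_page_bound($db, $quoted));  // bound: input fails integer validation
print_r(view_page_bound($db, '1'));      // bound: a legitimate page id still works
```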
Yes, this would be an impressive find... but you are almost a year late. You see, you haven't looked at the source have you? You just googled AVA exploits and found a page all about view_page.php. This was an exploit found in version 2 of AV Arcade, this is now version 3.1.4. Try the link on AVA v3 sites, it doesn't do a thing. If you had looked at the source code, you would have seen it was fixed. Same goes with the admin cookie exploit. And as for remote buffer overflow exploit... well, the word 'fabrication' comes to mind.
Do you even know what a buffer overflow is? It is when data (a variable) is too large for its allocated memory and no bounds checks are in place, resulting in it writing to memory adjacent to it. If this sort of exploit existed in a PHP script it would be an issue with PHP itself.
Don't sit here and teach me anything like that again. If you ever disrespect me again, I can assure you that if you want to start something personal with me, you'll run along crying. Why don't you PM me your IP? I'm here to help people out, don't mess with someone who has a bigger authority than you. Someone who can teach you a lesson, believe it or not. I'll be expecting your PM.
I'm a year late? The source code is freely available. Pay attention to what I say because I'm not here to con you. I downloaded the source code to his older version, found these issues and then confirmed they were existent upon the authors' who reported them. They were there, and I was able to find them. I'm not "late" in anything. If it's patched, well duh. But what he had was not secure.
His version was still version 3. The problem was fixed in a later version of v2. If you had downloaded AVA even within the last year, you would have gotten the secure version. You simply went to this website and copied the information. You even copied the exact link including "yourgame.org". And you completely invented the 'remote buffer overflow exploit', because there is no such thing concerning php. You've been caught out. So stop with your stupid lies now and go occupy yourself with something worthwhile.
This. I'd recommend making backups of your DB and uploaded files etc. every day, if not more if possible. Can always restore, you'll be kicking yourself if it happens again.