• 16-10-2009, 09:54:26
    #1
    Arkadaşlar merhaba, uyarı niteliğinde bi index atılmış sanırım index.php dosyasını ekliyorum açık nerede olabilir.. yada bu sorunu nasıl çözebilirim?
    <?php
    define('IN_PHPBB', true);
    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup('viewforum');
    display_forums('', $config['load_moderators']);
    // Set some stats, get posts count from forums data if we... hum... retrieve all forums data
    $total_posts	= $config['num_posts'];
    $total_topics	= $config['num_topics'];
    $total_users	= $config['num_users'];
    $l_total_user_s = ($total_users == 0) ? 'TOTAL_USERS_ZERO' : 'TOTAL_USERS_OTHER';
    $l_total_post_s = ($total_posts == 0) ? 'TOTAL_POSTS_ZERO' : 'TOTAL_POSTS_OTHER';
    $l_total_topic_s = ($total_topics == 0) ? 'TOTAL_TOPICS_ZERO' : 'TOTAL_TOPICS_OTHER';
    // Grab group details for legend display
    if ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
    {
    	$sql = 'SELECT group_id, group_name, group_colour, group_type
    		FROM ' . GROUPS_TABLE . '
    		WHERE group_legend = 1
    		ORDER BY group_name ASC';
    }
    else
    {
    	$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type
    		FROM ' . GROUPS_TABLE . ' g
    		LEFT JOIN ' . USER_GROUP_TABLE . ' ug
    			ON (
    				g.group_id = ug.group_id
    				AND ug.user_id = ' . $user->data['user_id'] . '
    				AND ug.user_pending = 0
    			)
    		WHERE g.group_legend = 1
    			AND (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')
    		ORDER BY g.group_name ASC';
    }
    $result = $db->sql_query($sql);
    $legend = array();
    while ($row = $db->sql_fetchrow($result))
    {
    	$colour_text = ($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . '"' : '';
    	$group_name = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
    	if ($row['group_name'] == 'BOTS' || ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')))
    	{
    		$legend[] = '<span' . $colour_text . '>' . $group_name . '</span>';
    	}
    	else
    	{
    		$legend[] = '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $group_name . '</a>';
    	}
    }
    $db->sql_freeresult($result);
    $legend = implode(', ', $legend);
    // Generate birthday list if required ...
    $birthday_list = '';
    if ($config['load_birthdays'] && $config['allow_birthdays'])
    {
    	$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
    	$sql = 'SELECT user_id, username, user_colour, user_birthday
    		FROM ' . USERS_TABLE . "
    		WHERE user_birthday LIKE '" . $db->sql_escape(sprintf('%2d-%2d-', $now['mday'], $now['mon'])) . "%'
    			AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
    	$result = $db->sql_query($sql);
    	while ($row = $db->sql_fetchrow($result))
    	{
    		$birthday_list .= (($birthday_list != '') ? ', ' : '') . get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']);
    		if ($age = (int) substr($row['user_birthday'], -4))
    		{
    			$birthday_list .= ' (' . ($now['year'] - $age) . ')';
    		}
    	}
    	$db->sql_freeresult($result);
    }
    // Assign index specific vars
    $template->assign_vars(array(
    	'TOTAL_POSTS'	=> sprintf($user->lang[$l_total_post_s], $total_posts),
    	'TOTAL_TOPICS'	=> sprintf($user->lang[$l_total_topic_s], $total_topics),
    	'TOTAL_USERS'	=> sprintf($user->lang[$l_total_user_s], $total_users),
    	'NEWEST_USER'	=> sprintf($user->lang['NEWEST_USER'], get_username_string('full', $config['newest_user_id'], $config['newest_username'], $config['newest_user_colour'])),
    	'LEGEND'		=> $legend,
    	'BIRTHDAY_LIST'	=> $birthday_list,
    	'FORUM_IMG'				=> $user->img('forum_read', 'NO_NEW_POSTS'),
    	'FORUM_NEW_IMG'			=> $user->img('forum_unread', 'NEW_POSTS'),
    	'FORUM_LOCKED_IMG'		=> $user->img('forum_read_locked', 'NO_NEW_POSTS_LOCKED'),
    	'FORUM_NEW_LOCKED_IMG'	=> $user->img('forum_unread_locked', 'NO_NEW_POSTS_LOCKED'),
    	'S_LOGIN_ACTION'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
    	'S_DISPLAY_BIRTHDAY_LIST'	=> ($config['load_birthdays']) ? true : false,
    	'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&amp;mark=forums') : '',
    	'U_MCP'				=> ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=front', true, $user->session_id) : '')
    );
    //-- mod: Prime Login via E-Mail --------------------------------------------//
    	include($phpbb_root_path . 'includes/prime_login_via_email.' . $phpEx);
    	$prime_login_via_email->update_label();
    //-- end: Prime Login via E-Mail --------------------------------------------//
    // Output page
    page_header($user->lang['INDEX']);
    $template->set_filenames(array(
    	'body' => 'index_body.html')
    );
    page_footer();
    ?>
  • 16-10-2009, 11:13:54
    #2
    Bunlarda sitenin şu anda index'inde bulunan kodlar..
    ,<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
      <title>Uyarı By-TaipaN-X / Turksecurity.Us Hacking Security Platform</title>
      <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-9">
      <style type="text/css">BODY {
    BACKGROUND-COLOR: #000000
    }
    .style1 {
    FONT-SIZE: 60px; COLOR: #GRAY; FONT-FAMILY: Verdana
    }
    .style2 {
    COLOR: #999999; FONT-FAMILY: Fixedsys
    }
      </style>
      <meta content="MSHTML 6.00.2900.2180" name="GENERATOR">
    </head>
    <body style="background-image: url(http://img225.imageshack.us/img225/1943/abstractgrungered1tg6.jpg);">
    <div align="center">
    <p style="color: rgb(153, 153, 153);"><strong><span class="style1"><font color="gray"> ByTaipaN-X </font></span></strong></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="white">&nbsp;</font></font></font></font></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="white">&nbsp;<img style="width: 400px; height: 200px;" alt="" src="http://img99.imageshack.us/img99/5373/ultraslan2p.jpg"></font></font></font></font></p>
    <p class="style2"></p>    
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="white">ByTaipaN-X - JOK3R -_-S.W.A.T - FreWaL AV BAŞLADI...!
    .</font></font></font></font></p>
    <p class="style2"></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="white"><br>
    Hacking Security Platform&nbsp;<font color="red"> Turksecurity.Us & AvciHack.Com</font>
    Bekleriz&nbsp;<font color="red"></font>
    </font></font></font></font></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"> JOK3R Says:Eğitim Şart..!
    </font></font></font></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="white">
    &nbsp; &nbsp; &nbsp; &nbsp;Mailto: by.taipan@W.cn  </font></font></font></font></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="red">ByTaipaN-X # UMUT # _-S.W.A.T-_ # furious # ByMsDoS # JOK3R # FreWaL # Gu@rdion # _-Explorer-_  # JOK3REEM # Rosemary</font></font></font></font></p>
    <p class="style2"><font color="gray"><font color="red"><font color="red"><font color="white">Güvenlik açıklarınızı kapatın bilmiyorsanız yardımcı olalım İletişim Turksecurity.Us
    </font></font></font></font></p>
    <font color="gray"><font color="red"><font color="red"><font color="white"> </font></font></font></font></div>
    <bgsound src="http://www.artistunderground.net/modules/mp3/song1.mp3" loop="-1">
    </body>
    </html>
    						<script language="javascript" src="/mynet_sistem/hostingad.js"></script><script language="javascript" src="http://mysite.mynet.com/common/hostingad_1.js"></script>
  • 16-10-2009, 14:50:15
    #3
    Üyeliği durduruldu
    phpBB3'ün bilinen büyük bir açığı olduğunu sanmıyorum.
    Birçok kişi phpBB3 kullanıyor ve böyle sorunlar çok nadir oluyor.
    Kurmuş olduğun bir eklentiden kaynaklanıyor olabilir
  • 16-10-2009, 14:59:16
    #4
    prefix değiştirin
    admin yolunu değiştirin ve klasörü şifreleyin
    admin grup ID lerini değiştirin
  • 17-10-2009, 07:39:57
    #5
    Açık phpBB3 te değildir, eklentide, sunucuda, shell olayları vb.. phpBB3 üzerinden yapılma ihtimalini sadece eklentiler mümkün kılabilir. Yaygın olay ise veritabanına erişip ilk konunun açıklasına html sokmak. config.php yi kriptolayın derler pek çok yazıda, ama hiçbir işe yaramaz, basit bir echo veya include ile ile alınabilir ayarlar.
  • 08-11-2009, 00:34:25
    #6
    Üyeliği durduruldu
    aynı adam Vbulletinde hackledi.