ddlcms exploit

[narutoroot]

Does anyone know the ddlcms exploit so i can patch it?

narutoroot Reviewed by narutoroot on 17th Sep 2009. ddlcms exploit Does anyone know the ddlcms exploit so i can patch it? Rating: 5

[Hyperz]

If you can patch exploits it shouldn't be hard to find the exploit if any exist

[narutoroot]

of c ourse i want like what to replace and stuff. plus i dont have time to look through the whole script lol

[Zero - HosterBin]

Yes there are exploits for it.

[Hyperz]

Can you even confirm someone has found an exploit in the script and isn't just exploiting poorly secured sites (server config or whatever)? Well either way, I doubt any of us will go trough every line of code to find out.

[Zero - HosterBin]

There is an exploit out there for this script that i can download their sql with all submissions ect.

[narutoroot]

you have it?

[Hyperz]

http://www.ddlcms.com/forums/index.p...rum=2&topic=94

Turn off allow_url_include on your host. Ask your host or go to your php.ini to change it to off. You can also do it via WHM, go to PHP Configuration Editor, then click on Advanced. Turn allow_url_include to "off" and then click Save.

Have fun patching.

Something about configuration *cough*...

[narutoroot]

thanks-----

[Switchblade187]

Two things,

There is probably always an exploit in some code, and that's one of them. DDL CMS I think has it patched in an upcoming release which is apparently right around the corner.

Second all this does is allow somebody to download your SQL database...which quite frankly I could careless about. Good luck trying to hack anything from that database, and besides most sites using this will have just a big warez database of files which you can upload to your site lol.

Anyhow good that it's being fixed.