
[NOTICE] - Open Flash Chart Exploit


simpilot


  • Administrators

Sorry, I guess looking quickly I did not differentiate the two usernames between vcal and vicar.

My comments as far as what could be happening are still the same though. If you are completely deleting the entire contents of your website, reinstalling a clean version of the application and being hacked minutes later, there are not too many things that can be happening.

1 - You are not using the patched version of the ofc_upload_image.php file - which I just tried to call on your site and got a not found error, so it is clear that the file is not there.

so I would say it is:

2 - There is another site on the server that is compromised that has access to your directory, possibly through the links created by a symlink attack. I know you say it is your own paid server but by the looks of it, with the correct IP address, it has approx. 800 other sites hosted on it as well. -> http://whois.domaint.../89.146.199.179

or

3 - You have not changed passwords (FTP, cPanel, email) that were exposed in the original compromise.

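The second cause above (a neighbouring compromised account reaching into your directory through symlinks) is something a site owner can check for without waiting on the host. The script below is an added example, not code from the phpVMS project or from anyone in this thread: it walks a document root, lists every symlink whose target resolves outside that root or dangles, and builds a small constructed directory layout (the `public_html` / `other_account` names are made up) to show the three cases.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(docroot):
    """Return [(link_relpath, resolved_target_or_None)] for every symlink under
    docroot that either dangles (None) or resolves to a path outside docroot.
    Symlinks that stay inside the document root are ignored."""
    docroot = Path(docroot).resolve()
    findings = []
    # os.walk does not descend into symlinked directories, so a link to another
    # account's tree is reported once rather than walked.
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            rel = link.relative_to(docroot).as_posix()
            try:
                target = link.resolve(strict=True)
            except (FileNotFoundError, RuntimeError):  # missing target / link loop
                findings.append((rel, None))
                continue
            if target != docroot and docroot not in target.parents:
                findings.append((rel, str(target)))
    return findings


def demo():
    """Constructed layout: one harmless in-tree link, one link into another
    customer's account, one dangling link. Returns the sorted findings."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        site = base / "public_html"          # hypothetical document root
        other = base / "other_account"       # hypothetical neighbouring account
        (site / "lib").mkdir(parents=True)
        other.mkdir()
        (site / "lib" / "local.txt").write_text("fine\n")
        (other / "config.php").write_text("<?php /* another customer's secrets */ ?>\n")
        os.symlink(site / "lib" / "local.txt", site / "lib" / "inside.lnk")  # stays inside
        os.symlink(other / "config.php", site / "lib" / "outside.lnk")      # escapes docroot
        os.symlink(base / "gone", site / "dangling.lnk")                    # dangling
        return sorted(find_escaping_symlinks(site))


if __name__ == "__main__":
    for rel, target in demo():
        print(f"{rel} -> {target if target else '<dangling>'}")
```

A link escaping the document root is only evidence; the thing that actually stops the attack is the web server refusing to follow links whose target is owned by someone else (for Apache, `Options -FollowSymLinks +SymLinksIfOwnerMatch`), which is the host's setting rather than the application's.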

I got the host to try a couple things and then he wiped the webspace. There is nothing in it until I upload. VMS was failing every time I installed and ran it, even with the patched version. The hackers were doing more than what has been said on this forum.

They had created a directory that once I got into it, I couldn't get out of. I have had no direct reply to my posts about the problems on this forum, which left me no choice but to have my webspace wiped, which was suggested and I agreed. I don't know exactly what these hackers have done, but it is a lot more than just defacing and adding files and folders.


  • 1 month later...

Hello,

Our VA got hacked too, they installed a massmailer and file controller. Fortunately I have an older version of the site and did a check using md5deep (a tool to compute MD5 hashes) between the 2 versions. Hence I could find out which files were added or modified.

to generate signatures from an old copy of phpvms:

md5deep -l -r phpvms > old.txt

To generate a report on the hacked version

md5deep -l -r -x old.txt phpvms_hacked

Quick, and it will compare file content. Now I would like to use the new ofc_upload_image.php. Is the correct version dated 30-09-2013?

I can find it in http://downloads.phpvms.net/phpvms.update.zip

Right ?

Thanks

Eric

Air Inter VA

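The md5deep procedure above (hash a known-clean copy, then list everything in the hacked copy whose hash is not in that list) is worth having as a standalone script, because `-x` only shows files that are new or changed, not files the intruder deleted. The following is an added example, not md5deep itself and not part of phpVMS: it hashes two directory trees with SHA-256, then reports added, modified and removed files relative to the clean baseline. The two trees are constructed inside the script (file names are made up to look like a phpVMS install) so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root.

    Equivalent to the 'md5deep -l -r <dir>' list (relative paths, recursive),
    using SHA-256 because MD5 collisions are cheap to manufacture."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_trees(baseline, suspect):
    """Classify the suspect tree against the clean baseline.

    'added' + 'modified' is what 'md5deep -x old.txt <dir>' prints (hashes not
    in the known-good list); 'removed' is the extra information -x cannot give."""
    added = sorted(p for p in suspect if p not in baseline)
    modified = sorted(p for p in suspect if p in baseline and suspect[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in suspect)
    return {"added": added, "modified": modified, "removed": removed}


def _write(root, rel, content):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(content)


def demo():
    """Build a constructed clean tree and a constructed hacked tree, then diff them."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as hacked:
        for root in (clean, hacked):
            _write(root, "index.php", "<?php echo 'phpvms'; ?>\n")
            _write(root, "core/common/StatsData.class.php", "<?php class StatsData {} ?>\n")
        # constructed differences: one file altered, one dropped in, one deleted
        _write(hacked, "core/common/StatsData.class.php", "<?php /* altered (constructed) */ ?>\n")
        _write(hacked, "lib/images/mailer.php", "<?php /* mass mailer (constructed) */ ?>\n")
        _write(clean, "core/app.config.php", "<?php /* only in the clean copy */ ?>\n")
        return compare_trees(hash_tree(clean), hash_tree(hacked))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Keep the baseline hash list somewhere the web server cannot write to; a list stored inside the web root can be edited by the same intruder who edits the files it is supposed to check.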

  • 2 months later...
  • 6 months later...
  • Administrators

Any updates on this?

There is no real update to be had, if you replace or patch the one affected file as it is spelled out here -> http://forum.phpvms.net/topic/16598-21936-security-patch/ <- there is not really anything else to be updated. If you were hacked, you will need to clean your site. There is no absolute set of directions to do that, every one is different.


  • 3 years later...
  • 2 weeks later...
17 hours ago, mark1million said:

I can't get it to work either, please paste the complete code for Google Charts integration as you have bits missing.

Yeah, the </script> tag at the end was missing. Just add </script> to the end of the dashboard template file and you should be good.

Thanks for pointing this out, nobody is perfect :)


  • 4 months later...
On 8/11/2017 at 10:32 PM, mark1million said:

Ok, doesn't matter, I had to reintroduce a dedicated class to get it to show correctly. Changed the existing div and it works great.

<div id="chart_div" style="width:400px; height:300px"></div>

I've tried your code, but there is no graph, it's empty and there is only a "loading image".

my dashboard.php

<?php if(!defined('IN_PHPVMS') && IN_PHPVMS !== true) { die(); } ?>
<h3>VA Stats:</h3>
<table width="100%">
    <tr>
    <td valign="top" width="33%" nowrap="nowrap">
        <strong>Users Online: </strong><?php echo count(StatsData::UsersOnline()); ?><br />
        <strong>Guests Online: </strong><?php echo count(StatsData::GuestsOnline()); ?>
    </td>
    <td valign="top" width="33%" nowrap="nowrap" >
        <strong>Total Pilots: </strong><?php echo StatsData::PilotCount(); ?><br />
        <strong>Total Flights: </strong><?php echo StatsData::TotalFlights(); ?><br />
        <strong>Total Hours Flown: </strong><?php echo StatsData::TotalHours(); ?>
    </td>
    <td valign="top" width="33%" nowrap="nowrap" >
        <strong>Miles Flown: </strong><?php echo StatsData::TotalMilesFlown(); ?><br />
        <strong>Total Schedules: </strong><?php echo StatsData::TotalSchedules(); ?><br />
        <strong>Flights Today: </strong><?php echo StatsData::TotalFlightsToday();?>
    </td>
    </tr>
</table>
<?php
MainController::Run('Dashboard', 'CheckInstallFolder');
echo $updateinfo;
?>
<h3>Pilot Reports for the Past Week</h3>
<div align="center" style="width:98%">
    <div id="reportcounts" align="center" width="400px" >
    <img src="<?php echo fileurl('/lib/images/loading.gif');?>" /><br /><br />
    Loading...
    </div>
    <!-- dedicated container the chart is drawn into; sizes need px units or CSS ignores them -->
    <div id="chart_div" style="width:400px; height:300px"></div>
</div>

<?php
if(Config::Get('VACENTRAL_ENABLED') == true && $unexported_count > 0)
{ ?>
    <h3>vaCentral Status: </h3>
    <p>You have <strong><?php echo $unexported_count?></strong> PIREPS waiting for export to vaCentral.
    <a href="<?php echo adminurl('/vacentral/sendqueuedpireps'); ?>">Click here to send them</a> </p>
<?php
} ?>

<?php
Template::Show('pilots_viewallbids.php');
?>

<h3 style="margin-bottom: 0px;">Latest News</h3>
    <div style="overflow: auto; height: 400px; border: 1px solid #f5f5f5; margin-bottom: 20px; padding: 7px; padding-top: 0px; padding-bottom: 20px;">
    <?php echo $phpvms_news; ?>
    <p><a href="http://www.phpvms.net" target="_new">View All News</a></p>
    </div>
</td>
<?php
/*if(Config::Get('VACENTRAL_ENABLED') == true)
{
?>
<td valign="top" valign="50%">

    <h3 style="margin-bottom: 0px;">Latest vaCentral News</h3>
    <?php echo $vacentral_news; ?>
    <p><a href="http://www.vacentral.net" target="_new">View All News</a></p>
</td>
<?php
}*/
?>
<?php
/*
    Added in 2.0!
*/
$chart_width = '400';
$chart_height = '300';

/* Don't need to change anything below this here */
?>
<script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"></script>
<script type="text/javascript">
  google.charts.load('current', {'packages':['corechart']});
  google.charts.setOnLoadCallback(drawChart);

  function drawChart() {
    var data = google.visualization.arrayToDataTable([
      ['Day', 'Pireps'],
    <?php
    /* one ['label', count] row per day; json_encode() does the quoting and
       escaping, implode() puts the commas between rows */
    $rows = array();
    $total = 0;
    foreach($pireps as $row)
    {
        $rows[] = json_encode(array(date('j M', $row->timestamp), (int) $row->total));
        $total += $row->total;
    }
    echo implode(",\n      ", $rows);
    ?>
    ]);

    var options = {
      title: '',
      legend: { position: 'none' },
      width: <?php echo (int) $chart_width; ?>,
      height: <?php echo (int) $chart_height; ?>
    };

    /* hide the loading placeholder and draw into the dedicated chart_div */
    document.getElementById('reportcounts').style.display = 'none';
    var chart = new google.visualization.LineChart(document.getElementById('chart_div'));
    chart.draw(data, options);
  }
</script>
