Topic: FileDownload exploit!
OpenGeek
MODx Co-Founder
Moderator
« on: Dec 30, 2006, 10:58 AM »

VERY IMPORTANT!

If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately.  There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server.  A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.

Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible.  It is possible that some sites have already been silently exploited and critical security information collected.

Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.

More information as soon as it becomes available.
Jason Coward
MODx Co-Founder
xPDO Founder
Principal @ Collabpad
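
One way to check web server access logs for the silent exploitation the post above warns about, as an added example that is not part of the original thread or of the FileDownload code. It assumes combined-format access logs; the `file` parameter name and every log line are constructed, and the scan inspects all query parameters because the thread does not name the snippet's parameters.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format (not real traffic).
# The parameter name "file" is hypothetical; the scan checks every parameter.
SAMPLE_LOG = '''\
203.0.113.5 - - [29/Dec/2006:21:14:02 +0000] "GET /index.php?id=12&file=brochure.pdf HTTP/1.1" 200 48211
198.51.100.7 - - [29/Dec/2006:22:40:51 +0000] "GET /index.php?id=12&file=config.inc.php HTTP/1.1" 200 1834
198.51.100.7 - - [29/Dec/2006:22:41:03 +0000] "GET /index.php?id=12&file=Config%252Einc%252Ephp HTTP/1.1" 200 1834
192.0.2.44 - - [30/Dec/2006:03:12:40 +0000] "GET /index.php?id=12&file=index.php HTTP/1.1" 404 312
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')
# Assumed indicators: the config file named in the advisory, or any PHP source file.
SENSITIVE_RE = re.compile(r'config\.inc\.php|\.php$', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so %252E and %2E both become '.'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_downloads(log_text):
    """Return {client_ip: [(timestamp, parameter, decoded_value, status)]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, target, status = m.groups()
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw)
            if SENSITIVE_RE.search(value):
                hits[ip].append((when, name, value, int(status)))
    return dict(hits)

def likely_served(hits):
    """Clients that received a 2xx response for a sensitive-looking file name."""
    return sorted(ip for ip, rows in hits.items() if any(200 <= r[3] < 300 for r in rows))

if __name__ == "__main__":
    found = suspicious_downloads(SAMPLE_LOG)
    print("2xx responses for sensitive file names went to:", likely_served(found))
```

Any client listed by `likely_served` is a reason to treat the database credentials as exposed and rotate them, as the post recommends.
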
rthrash
Foundation
« Reply #1 on: Dec 30, 2006, 11:17 AM »

Our downloads will return later today after resolving this issue.
MODx is a framework that allows web professionals to turn over sites to end-users for daily maintenance without worrying. Community participation and questions are encouraged, especially when you help us help you, read the wiki, and review snippet parameters – even if you have to look at the source. Searching the forums helps, too.
Ryan Thrash
MODx Co-Founder
Principal @ Collabpad
rthrash
Foundation
« Reply #2 on: Dec 30, 2006, 11:54 AM »

Patched and back online.