modxcms.com
JIRA
Help
Search
Login
Register
Search
Sign In
Username
Password
Forgot Password?
Not registered yet? Sign up!
Close
MODx CMS
MODx Community Forums
/
Announcements
/
Security Notices
/
FileDownload exploit!
« previous
next »
Topic: FileDownload exploit! (Read 12223 times)
Send this topic
Print
Pages: [
1
]
Go Down
#1: 30-Dec-2006, 10:58 AM
Foundation
OpenGeek
MODx Co-Founder
Posts: 6,718
damn accurate caricatures...
FileDownload exploit!
VERY IMPORTANT!
If you have added the
FileDownload
snippet to a MODx site,
please remove this snippet from your sites immediately
. There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server. A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.
Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible. It is possible that some sites have already been silently exploited and critical security information collected.
Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.
More information as soon as it becomes available.
Jason Coward
MODx Co-Founder
xPDO Founder
CTO @
Collabpad
work
productively.
work
intelligently.
work
together
.
MODx
Development
|
SVN
|
Fisheye
xPDO
Development
|
SVN
|
Fisheye
Light is just a vibration of a note too. Everything is. You've got to keep that in mind.
Frank Zappa
#2: 30-Dec-2006, 11:17 AM
Foundation
rthrash
Posts: 11,284
Re: FileDownload exploit!
Our downloads will return later today after resolving this issue.
MODx
is a content managmeent framework that allows web professionals to turn over sites to end-users for daily maintenance without worrying. Please
help us help you
when asking for assistance and
read the wiki
. Searching the forums from the top level helps, too.
Ryan Thrash
MODx Co-Founder
Principal @
Collabpad
work
productively.
work
intelligently.
work
together.
JIRA (Bugs)
|
Confluence (Wiki)
|
Fisheye SVN Browser
|
Subversion Root
#3: 30-Dec-2006, 11:54 AM
Foundation
rthrash
Posts: 11,284
Re: FileDownload exploit!
Patched and back online.
MODx
is a content managmeent framework that allows web professionals to turn over sites to end-users for daily maintenance without worrying. Please
help us help you
when asking for assistance and
read the wiki
. Searching the forums from the top level helps, too.
Ryan Thrash
MODx Co-Founder
Principal @
Collabpad
work
productively.
work
intelligently.
work
together.
JIRA (Bugs)
|
Confluence (Wiki)
|
Fisheye SVN Browser
|
Subversion Root
Pages: [
1
]
Go Up
Send this topic
Print
0 Members and 1 Guest are viewing this topic.
Loading...