Jul 04, 2009, 04:44 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
Search via SMF or Google: modx forums all of modxcms.com web
  MODxCMS.com   Forums   Help Login Register  
MODx Community Forums » Announcements » Security Notices » FileDownload exploit!
Pages: [1]   Go Down
« Previous topic Next topic »
  Send this topic  |  Print  
Author Topic: FileDownload exploit!  (Read 9981 times)
0 Members and 1 Guest are viewing this topic.
OpenGeek
MODx Co-Founder
Foundation
*
Posts: 5,813


damn accurate caricatures...


WWW
« on: Dec 30, 2006, 10:58 AM »
VERY IMPORTANT!

If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately.  There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server.  A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.

Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible.  It is possible that some sites have already been silently exploited and critical security information collected.

Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.

More information as soon as it becomes available.
Logged
Jason Coward
MODx Co-Founder
xPDO Founder
CTO @ Collabpad
work productively.
work intelligently.
work together.
Light is just a vibration of a note too. Everything is. You've got to keep that in mind.
  Frank Zappa
rthrash
Foundation
*
Posts: 10,471



WWW
« Reply #1 on: Dec 30, 2006, 11:17 AM »
Our downloads will return later today after resolving this issue.
Logged
MODx is a framework that allows web professionals to turn over sites to end-users for daily maintenance without worrying. Community participation and questions are encouraged, especially when you help us help you, read the wiki, and review snippet parameters – even if you have to look at the source. Searching the forums helps, too.
Ryan Thrash
MODx Co-Founder
Principal @ Collabpad
work productively.
work intelligently.
work together.
rthrash
Foundation
*
Posts: 10,471



WWW
« Reply #2 on: Dec 30, 2006, 11:54 AM »
Patched and back online.
Logged
MODx is a framework that allows web professionals to turn over sites to end-users for daily maintenance without worrying. Community participation and questions are encouraged, especially when you help us help you, read the wiki, and review snippet parameters – even if you have to look at the source. Searching the forums helps, too.
Ryan Thrash
MODx Co-Founder
Principal @ Collabpad
work productively.
work intelligently.
work together.
Pages: [1]   Go Up
  Send this topic  |  Print  
« Previous topic Next topic »
 
Jump to:  

Powered by MySQL Powered by PHP

Copyright © 2005-2008 MODxCMS, All rights reserved. Contact Us
Styles by ziworks.com

Powered by SMF | SMF © 2006-2008, Simple Machines LLC

Valid XHTML 1.0! Valid CSS!