Post #14 by KerryG (New Pligger; Join Date: Jul 2008; Posts: 8), 07-31-2008, 07:00 PM
Quote:
Originally Posted by ddluk
Ok. There is a temporary solution to avoid using that script. You need to give the files admin_editor.php and settemplate.php chmod 000, or copy them to your hard disk and delete them from your hosting. The exploit uses admin_editor.php to edit your template files; after chmodding or deleting, they can't edit them. They can get the name of admin (in standard) but they can't do anything more.

That's only a temporary fix; when the Pligg team releases an update you can put the files on your web host.

The shell exploit is in index.php; you can't really remove that one. The way that is done is through an exploit in vote.php. Your solution is only a partial fix, but if the site is still running it is still vulnerable to the very dangerous shell exploit. Removing those files does not protect your system at this time.