Some PHP dumps:
addnew.php:
//clearly reflects their poor coding way...
<?
$path = "../";
//$thePage = "home";
include $path."includes/adminhead.php";
include $path."includes/headeradmin.php";
if($_POST['ok'])
{
$date1=$_POST['Date1'];
$title=$_POST['Title'];
$newfile=returnfilename($_FILES['fileattach'],"downloads");
$sqlquery= "INSERT INTO downloads VALUES('','$date1','$title','$newfile')";
$rt1=mysql_query($sqlquery) or die(mysql_error());
if($rt1)
{
print "<script>document.location='download.php';</script>";
}
}
?>
settings.php:
<?
// Online
/**/
$hostname="localhost";
$username="peaedu_peaedu";
$password="delta2009";
$db="peaedu_peadb";
/* LOCAL *
$hostname="localhost";
$username="root";
$password="";
$db="pea_db";
*/
$connectme=mysql_connect($hostname,$username,$password);
?>
Now the screenshot of the defaced site:

Thanks for reading this... and to site developers, learn fucking sense of security...
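For comparison with the addnew.php and settings.php dumps above, here is a hardened version of the same insert-and-upload handler. It is an added example, not the site's code and not from the post's author. The environment variable names, the session keys, the `csrf` field, the storage path, the date format and the file-type allow-list are all assumptions, and `store_upload()` is a hypothetical stand-in for the site's unseen `returnfilename()` helper.

```php
<?php
// Added example, not the site's code. Assumed names: env vars DB_DSN/DB_USER/DB_PASS,
// session keys 'is_admin' and 'csrf', POST field 'csrf', STORE_DIR, the type allow-list.
session_start();
const STORE_DIR = '/srv/app-data/downloads';   // assumed path outside the web root
// Validate an upload and store it under a server-generated name (replaces returnfilename()).
function store_upload(array $file): string
{
    $allowed = ['application/pdf' => 'pdf', 'image/png' => 'png', 'image/jpeg' => 'jpg'];
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > 5 * 1024 * 1024) {
        throw new RuntimeException('upload rejected');
    }
    // Type is detected from the content; the client-supplied name and MIME type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Require an authenticated admin session and a matching CSRF token before any write.
    $token = (string) filter_input(INPUT_POST, 'csrf');
    if (empty($_SESSION['is_admin']) || empty($_SESSION['csrf'])
        || !hash_equals((string) $_SESSION['csrf'], $token)) {
        http_response_code(403);
        exit;
    }
    $rawDate = (string) filter_input(INPUT_POST, 'Date1');
    $title   = trim((string) filter_input(INPUT_POST, 'Title'));
    $date    = DateTime::createFromFormat('!Y-m-d', $rawDate);   // assumed date format
    $file    = $_FILES['fileattach'] ?? null;
    if (!$date || $date->format('Y-m-d') !== $rawDate || $title === ''
        || !is_array($file) || !is_int($file['error'] ?? null)) {
        http_response_code(400);
        exit;
    }
    // Credentials come from the environment, not from a PHP file in the document root.
    $pdo = new PDO((string) getenv('DB_DSN'), (string) getenv('DB_USER'), (string) getenv('DB_PASS'),
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
    // Bound parameters keep user input out of the SQL text; NULL stands in for the '' id column.
    $stmt = $pdo->prepare('INSERT INTO downloads VALUES (NULL, ?, ?, ?)');
    $stmt->execute([$rawDate, $title, store_upload($file)]);
    header('Location: download.php');   // server-side redirect instead of inline <script>
    exit;
}
```

Run it with `display_errors` off so uncaught exceptions go to the log rather than to the browser, unlike the `die(mysql_error())` in the original. Any credential that has appeared in a dump like settings.php should be rotated, not just moved.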
Hey guys, thanks for alarming... but couldn't get you people. Is the server insecure or what? This site was hacked previously as well. Could you please tell me the exact reason?
Thanks
Ok bro, it's not the server but it's the poor coding with which we had hacked you. If you want to know what exactly the reason is, please contact me or Sam. We will be more than happy to help you secure your site; otherwise it is still the same.