On 12-02-2009 at 14:23:37 Szymek Przybył <apocalyp...@gmail.com> wrote:

exception 'PHPTAL_Exception' with message 'Invalid element name 'ohhe.length;qhxk+=3){ifdm+=rkfg(ohhe.substr'' in /inc/PHPTAL-1.1.14/PHPTAL/Dom/Node.php:107 Stack trace: # etc...

Code has been injected into your template and PHPTAL has caught it (because the 
code was ill-formed).

I found it also in files called home.html (home page template) and index.html. Sometimes this code appear in the end of file. This isn't a server fault

I've googled for this code and found couple of infected sites that don't seem to use PHPTAL.
Although it's impossible to tell that PHPTAL has no security holes, I think 
it's much more probable that your server has been infected in a different way 
and exploit code has been blindly added to all *.html files (who'd write PHPTAL 
exploit that injects code not allowed by PHPTAL?).

regards, Kornel

PHPTAL mailing list

Reply via email to