With a little side of applesauce...

Thursday, February 17, 2011

ContentDM - DMLANG vulnerability

Just a heads-up, everyone who has a DMLANG vulnerable ContentDM installation will need to clear the 'planted' files from their docroot after patching the files. The easiest way to do this on GNU/Linux is to:
cd /path/to/your/Content/docs
$ for f in
$(grep -rlE 'na_pass|UpdateFilds' *); do sudo rm $f ; done


1. na_pass -> finds the published file which, in turn, creates the proxy files
2. UpdateFilds -> finds the proxy files, which are php files with an
UpdateFilds() function in them.

It is recursive, plus it matches both types of files that we are aware
of. You should cd to your docs dir to run it, but otherwise, it is
pretty straight-forward.

Do a Google search for 'site:mycontentdm.domain.edu viagra' to see if you are still proxying requests.

No comments: