Monday, January 14, 2008

Mambo guestbook unhacked

Found out that one of my Mambo website's guestbook (com_guestbook) was hacked. When clicked on the "Sign my guestbook" link, it would redirect to the URL -, which was also a bad address!

I went through the Mambo database using phpMyAdmin and exported the whole db as an SQL file. Then searched the file for the above URL and found the culprit record in the mos_guestbook table which had the URL embedded in it.

When guestbook was being displayed the code in the bad record would get EXECUTED and cause the page to be redirected to the specified URL.

After deleting this record from the mos_guestbook table, the guestbook started functioning properly again.

No comments: