Sites Hacked Via HTMLEditor
I spent over 20 hours cleaning up files in more than 15 sites that were hacked via the HTML Editor.
The hackers gained access to each site that I have HTML Editor installed on. They were able to upload files, and on each of these sites they deleted the imagesupload or Images/Upload folders, which are set to 777 by default through different versions of powerstore. They were able to gain access to the files inside of the editor/plugins folder. They can also access ckeditor and kfm files as well. I am assuming that these are all tied to the fckeditor used by Webassist.
I don't know where or how to find the security hole, but I am assuming that they are somehow accessing the upload functionality in this script to upload malicious content and delete files.
This should also really be posted in the powerstore forum as well since this affects powerstore installations as well and I am guessing probably cms manager installs also.
Any support you can provide to close the holes would be greatly appreciated.