    I had a site that, due to reasons I’d rather not disclose, had what I think was an XSS attack. Most of the links in the snippets, TPLs and templates had "?phpmyadmin=MXHUWOUIHDFJ" etc. appended to them.

    I downloaded the db file, did a global find and replace (deleted) of the offending characters, created a new MODx 105 site from scratch and imported the content, chunks, templates, and TVs.

    It works, but it does not allow Web User registration.

    What else should I look for?
    ----------------------------
    UPDATE: Another thing I noticed that might help readers help me solve this issue is that when I log in to the Manager, it doesn’t log me in. It just stays put with my name and pw still in the form fields. If I hit refresh, I can get it. This is true across all browsers.

    The domain/ip# and dbase appear to be unaffected. I added a subdomain and it and WebLogin, register functions, etc are working just fine, thank you.

    So what else do I need to fix in order to sanitize the previous site’s content, chunks, TVs and files?

    Thanks,
    Peter
      MySQL: 5.0.45
      PHP: 5.2.6
      Linux 2.6.9-023stab048.6-enterprise #1
      cURL enabled
      PDO enabled
      FFox Apple 3.6.8
      Firebug DIS-abled
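Added example, not part of the original thread: a Python sketch that lists and strips the appended `phpmyadmin=` query parameter from a SQL dump while leaving other query arguments and snippet code intact. The token character set, the `&`/`&amp;` handling and the sample dump lines are assumptions constructed for illustration.

```python
import re

# Matches the parameter as first (?) or later (&, &amp;) query argument.
# Token character set is an assumption based on the sample value in the post.
PARAM = re.compile(
    r'(?P<sep>\?|&amp;|&)phpmyadmin=[A-Za-z0-9%,_-]+(?P<next>&amp;|&)?'
)

def _strip(match):
    # If another argument follows, keep the leading separator so the
    # remaining query string stays valid; otherwise drop separator and all.
    return match.group('sep') if match.group('next') else ''

def report(text):
    """Return (line_number, line) pairs containing the parameter, for review."""
    return [(n, line) for n, line in enumerate(text.splitlines(), 1)
            if PARAM.search(line)]

def clean(text):
    """Return (cleaned_text, number_of_parameters_removed)."""
    return PARAM.subn(_strip, text)

# Constructed sample dump lines (table names are hypothetical).
SAMPLE = '''INSERT INTO chunks VALUES (1, '<a href="index.php?phpmyadmin=MXHUWOUIHDFJ">Home</a>');
INSERT INTO chunks VALUES (2, '<a href="index.php?id=5&amp;phpmyadmin=MXHUWOUIHDFJ">News</a>');
INSERT INTO chunks VALUES (3, '<a href="index.php?phpmyadmin=MXHUWOUIHDFJ&id=7">Contact</a>');
INSERT INTO snippets VALUES (4, 'return $modx->makeUrl(9);');
'''

if __name__ == '__main__':
    for number, line in report(SAMPLE):
        print(f'line {number}: {line}')
    cleaned, removed = clean(SAMPLE)
    print(f'removed {removed} occurrence(s)')
    print(cleaned)
```

Running `report` first gives a list of affected rows to compare against a known-good copy before the cleaned dump is imported.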
    • Are you running Plesk?

      http://modxcms.com/forums/index.php?topic=50870.0
      http://modxcms.com/forums/index.php?topic=50019.0
      http://modxcms.com/forums/index.php?topic=21033.0
      http://sourceforge.net/projects/phpmyadmin/forums/forum/72909/topic/1785348?message=4429879


      I don’t know what happened that makes you think it was an XSS attack, but from what I can find it seems like a bug in PHPMyAdmin + Plesk + some fuzzy apache stuff.
        Mark Hamstra • Developer spending his days working on Premium Extras and a MODX Site Dashboard with the ability to remotely upgrade MODX and extras to make the MODX world a little better.

        Tweet me @mark_hamstra, check my infrequent blog at markhamstra.com, my slightly more frequent ramblings at MODX.today or see code at Github.
        Dimmy, it appears to be Plesk. It’s what I have and I sometimes use it to backup dbases.

        The reason I think it was XSS or worse is because I asked another person to explicitly delete the root pw stored in a message.

        Although I did a global find and replace in the dbase on my computer and uploaded that via phpmyadmin - which worked by the way - I still cannot
        a) Log in to the Manager unless I click on the LOGIN button AND hit refresh.
        b) Weblogin and WLPE do not work.

        Peter
        • Try fetching the snippet/plugin code from the repo and overwriting the old one, perhaps something in the snippet/plugin code accidentally got deleted by modifying the SQL...

          Another thing I can think of is clearing the cache, but that’s pretty much where I run out of ideas to check, sorry.
            I deleted the Manager directory and uploaded a fresh one. Then uploaded the config file. Manager Login is now fixed.

            However, my original issue remains: WebLogin and WLPE still do not work. They work on a demo site using the same dbase but that’s not indicative of anything yet.

            So I replaced WebLogin and WLPE with fresh copies as well as copying and pasting from the demo’s snippets to the site’s snippets just to make double sure.

            Still not registering web users. I’ve used WebLogin and WLPE numerous times. Never had an issue with any site until this one. So, not sure what else I can do. Thanks for your help in pointing out the phpmyadmin issue with Plesk vs. MODx.

            I think I’m going to set up another subdomain using Revo, install the Revo gateway/Provisioner and import it. But I wonder if I’m just going to run into the same issue.