
Re: IMPORTANT More UpLoad hacks

by Harold Hallikainen


> 2007/4/12, Sabri LABBENE <sabri.labbene@...>:
>> Reini Urban wrote:
>> >Via the Phpwiki 1.3.x UpLoad feature some hackers from Russia upload a
>> >php3 or php4 file,
>> >install a backdoor at port 8081 and have access to your whole
>> >disc and overtake the server.
>> >
>> >See http://ccteam.ru/releases/c99shell
>>
>> I think that the URL is wrong.
>
> This url obviously worked in 2006. Now it is gone.
>
> I submitted a critical security alert to CERT and it will be in the
> cve reports of mitre.org
> also then (hopefully).
> --
> Reini Urban
> http://phpwiki.org/              http://murbreak.at/
> http://spacemovie.mur.at/   http://helsinki.at/
>


As the one who was attacked, I can give you the IP addresses of the
attackers. Second, instead of disallowed extensions, I think it would be
much safer to have a list of ALLOWED extensions. I see this as a todo in
the upload plugin.

I have set my upload directory as read only and require users to now email
me stuff to post.

As to how much was visible to the hackers (and I have the code for their
script), it SEEMS that it would only be what user apache could see, which
would be stuff it owns and stuff that is world readable. Is that correct?

THANKS!

Harold

--
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!

_______________________________________________
Phpwiki-talk mailing list
Phpwiki-talk@...
https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
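
An allowlist check of the kind suggested in the message above, shown next to a denylist check for comparison. This is an added example, not part of the original thread and not PhpWiki's code; the function names, both extension lists and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example, not PhpWiki code. Function names and both lists are assumptions.

const DENIED_EXTENSIONS  = ['php', 'exe'];  // denylist: has to name every bad type
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'txt'];  // allowlist

// Denylist check: accepts anything whose last extension is not listed.
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, DENIED_EXTENSIONS, true);
}

// Allowlist check: returns a normalised storage name, or null to reject.
function allowlist_name(string $clientName): ?string
{
    // Keep only the last path component, whichever separator the client sent.
    $name = basename(str_replace('\\', '/', $clientName));

    // Require exactly "base.ext": one dot, no leading dot, no other characters.
    // A name such as "x.php.jpg" is refused because some web server
    // configurations act on every extension in the name, not only the last.
    if (!preg_match('/^([A-Za-z0-9_-]{1,100})\.([A-Za-z0-9]{1,10})$/D', $name, $m)) {
        return null;
    }
    $ext = strtolower($m[2]);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $m[1] . '.' . $ext;
}

// Constructed sample filenames.
$samples = ['photo.JPG', 'notes.txt', 'upload.php3', 'upload.php4',
            'upload.php.jpg', '.htaccess', '../upload.php'];
foreach ($samples as $s) {
    printf("%-16s denylist=%-6s allowlist=%s\n", $s,
        denylist_accepts($s) ? 'accept' : 'reject',
        allowlist_name($s) ?? 'reject');
}
```

The denylist accepts `upload.php3`, `upload.php4`, `upload.php.jpg` and `.htaccess`, while the allowlist accepts only `photo.jpg` and `notes.txt`. A filename check does not replace serving the upload directory from a location where the web server will not execute scripts.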
