|
»
»
« Return to Thread: IMPORTANT More UpLoad hacks
Re: IMPORTANT More UpLoad hacks
by Reini Urban
::
Rate this Message:
2007/4/12, Harold Hallikainen <harold@...>:
> > 2007/4/12, Sabri LABBENE <sabri.labbene@...>:
> >> Reini Urban wrote:
> >> >Via the Phpwiki 1.3.x UpLoad feature some hackers from russia upload a
> >> >php3 or php4 file,
> >> >install a backdoor at port 8081 and have access to your whole
> >> >disc and overtake the server.
> >> >
> >> >See http://ccteam.ru/releases/c99shell
> >>
> >> I think that the URL is wrong.
> >
> > This url obviously worked in 2006. Now it is gone.
> >
> > I submitted a critical security alert to CERT and it will be in the
> > cve reports of mitre.org
> > also then (hopefully).
>
> As the one who was attacked, I can give you the IP addresses of the
> attackers. Second, instead of disallowed extensions, I think it would be
> much safet to have a list of ALLOWED extensions. I see this as a todo in
> the upload plugin.
Hm, I will think about it. Other opinions?
> I have set my upload directory as read only and require users to now email
> me stuff to post.
>
> As to how much was visible to the hackers (and I have the code for their
> script), it SEEMS that it would only be what user apache could see, which
> would be stuff it owns and stuff that is world readable. Is that correct?
Well not really. The c99shell script tries in various ways to get more access.
At first it compiles and installs a backdoor at port 8081 and then
with shell access it's normally quite easy for an experienced hacker
to get root.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://spacemovie.mur.at/ http://helsinki.at/
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Phpwiki-talk mailing list
Phpwiki-talk@...
https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
> > 2007/4/12, Sabri LABBENE <sabri.labbene@...>:
> >> Reini Urban wrote:
> >> >Via the Phpwiki 1.3.x UpLoad feature some hackers from russia upload a
> >> >php3 or php4 file,
> >> >install a backdoor at port 8081 and have access to your whole
> >> >disc and overtake the server.
> >> >
> >> >See http://ccteam.ru/releases/c99shell
> >>
> >> I think that the URL is wrong.
> >
> > This url obviously worked in 2006. Now it is gone.
> >
> > I submitted a critical security alert to CERT and it will be in the
> > cve reports of mitre.org
> > also then (hopefully).
>
> As the one who was attacked, I can give you the IP addresses of the
> attackers. Second, instead of disallowed extensions, I think it would be
> much safet to have a list of ALLOWED extensions. I see this as a todo in
> the upload plugin.
Hm, I will think about it. Other opinions?
> I have set my upload directory as read only and require users to now email
> me stuff to post.
>
> As to how much was visible to the hackers (and I have the code for their
> script), it SEEMS that it would only be what user apache could see, which
> would be stuff it owns and stuff that is world readable. Is that correct?
Well not really. The c99shell script tries in various ways to get more access.
At first it compiles and installs a backdoor at port 8081 and then
with shell access it's normally quite easy for an experienced hacker
to get root.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://spacemovie.mur.at/ http://helsinki.at/
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Phpwiki-talk mailing list
Phpwiki-talk@...
https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
« Return to Thread: IMPORTANT More UpLoad hacks
| Free embeddable forum powered by Nabble | Forum Help |
