Menu
▾
▴
Re: [Phpwiki-talk] IMPORTANT More UpLoad hacks
|
From: Harold H. <ha...@ha...> - 2007-04-12 16:37:57
|
> 2007/4/12, Sabri LABBENE <sab...@st...>: >> Reini Urban wrote: >> >Via the Phpwiki 1.3.x UpLoad feature some hackers from russia upload a >> >php3 or php4 file, >> >install a backdoor at port 8081 and have access to your whole >> >disc and overtake the server. >> > >> >See http://ccteam.ru/releases/c99shell >> >> I think that the URL is wrong. > > This url obviously worked in 2006. Now it is gone. > > I submitted a critical security alert to CERT and it will be in the > cve reports of mitre.org > also then (hopefully). > -- > Reini Urban > http://phpwiki.org/ http://murbreak.at/ > http://spacemovie.mur.at/ http://helsinki.at/ > As the one who was attacked, I can give you the IP addresses of the attackers. Second, instead of disallowed extensions, I think it would be much safet to have a list of ALLOWED extensions. I see this as a todo in the upload plugin. I have set my upload directory as read only and require users to now email me stuff to post. As to how much was visible to the hackers (and I have the code for their script), it SEEMS that it would only be what user apache could see, which would be stuff it owns and stuff that is world readable. Is that correct? THANKS! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! |
