A hacker was able to install a rootkit on our server
through a YaBB messageboard:
He used the following string to start taking control:
a;id;w;ls%20-la%20/usr/bin/sudo HTTP/1.1" 200 595
We find it, as fellow PHP developers, quite strange that
you do not check the variables and strip illegal
characters like ";", ":", "%", "@" from them.
Please change this and notify us when you have. Had the
illegal characters been stripped, the above would not have
had any result. And we would not have hundreds of
To all Linux webhosters: please check your servers for a
YaBB messageboard and make sure it is safe to keep
it, and hackers cannot abuse it to gain control over your
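Editor's note, not part of the report above: the quoted request string is the classic shape of a shell command injection, where a parameter value is interpolated into a command line and ";" ends the intended command and starts "id", "w" and "ls -la /usr/bin/sudo". The Python below is an added example (not YaBB code) with two parts: a scanner that parses Apache Common Log Format lines, URL-decodes each query parameter and flags shell metacharacters, and an allowlist check placed beside plain remove-list stripping so the difference is visible. The script path `/cgi-bin/yabb/YaBB.pl`, the hosts and timestamps in the sample log are constructed; only the request suffix on the second sample line follows the string quoted in the report. The metacharacter set is wider than the four characters the report lists, because "|", "&", backticks and "$(" reach the shell the same way ";" does.

```python
"""Added detection example; constructed sample data, not the project's own code."""
import re
from urllib.parse import unquote_plus

# Apache Common Log Format: host ident authuser [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Sequences that end one shell command and start another, or substitute one.
# ";" is only one of them; "|", "&", backticks, "$(", newlines and redirections
# reach the shell the same way once a value is interpolated into a command line.
SHELL_META = re.compile(r'[;|&`<>\n\r]|\$\(|\$\{')

# Allowlist for a board-style parameter (assumed format, not YaBB's own rule):
# anything outside it is rejected outright instead of having characters removed.
ALLOWED_VALUE = re.compile(r'[A-Za-z0-9_-]{1,64}')


def query_params(target):
    """Split the request target's query string into decoded (name, value) pairs.

    Done by hand rather than with urllib.parse.parse_qsl so the result does not
    depend on which separators a given Python version treats specially.
    """
    if '?' not in target:
        return []
    query = target.split('?', 1)[1]
    pairs = []
    for chunk in query.split('&'):
        if not chunk:
            continue
        name, _, value = chunk.partition('=')
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def parse_line(line):
    """Parse one access-log line; returns a dict of fields or None if not CLF."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(line):
    """Return [(name, decoded_value)] for query parameters carrying shell metacharacters."""
    rec = parse_line(line)
    if rec is None:
        return []
    return [(n, v) for n, v in query_params(rec['target']) if SHELL_META.search(v)]


def scan_log(lines):
    """Return one finding per suspicious parameter across all lines."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in suspicious_params(line):
            findings.append({'host': rec['host'], 'param': name,
                             'value': value, 'status': rec['status']})
    return findings


def is_safe_value(value):
    """Allowlist check: accept only short identifier-like values."""
    return ALLOWED_VALUE.fullmatch(value) is not None


def strip_chars(value, chars=';:%@'):
    """Remove-list filtering: delete the listed characters and keep everything else."""
    return ''.join(c for c in value if c not in chars)


# Constructed sample log lines (hosts, timestamps and script path are assumptions).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2003:13:55:36 +0000] "GET /cgi-bin/yabb/YaBB.pl?board=general&num=1042 HTTP/1.1" 200 8123',
    '198.51.100.9 - - [10/Oct/2003:13:57:02 +0000] "GET /cgi-bin/yabb/YaBB.pl?board=a;id;w;ls%20-la%20/usr/bin/sudo HTTP/1.1" 200 595',
    '198.51.100.9 - - [10/Oct/2003:13:58:10 +0000] "GET /cgi-bin/yabb/YaBB.pl?board=a%7Cid HTTP/1.1" 200 601',
]

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['host']} param={f['param']!r} value={f['value']!r} status={f['status']}")
    for v in ('general', 'a;id;w;ls -la /usr/bin/sudo', 'a|id'):
        print(f"{v!r}: allowlist={is_safe_value(v)} after_strip={strip_chars(v)!r}")
```

Run against a real access log, `scan_log` reports the decoded parameter value and the response status, so a 200 on a line like the second sample is the one to follow up first. The last loop shows why the allowlist is the better fix: `strip_chars` leaves `a|id` untouched because "|" is not on the remove list, while `is_safe_value` rejects both injected forms and accepts the ordinary board name.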