Hack Attempt

Requests, feedback, and general discussion about WoWRoster
DO NOT post topics about WoWRoster AddOns here!

Hack Attempt

Postby Topiatic » Sun Mar 23, 2008 1:03 am

I've been alerted to a url hack attempt at my site that I'd like to pass along in case it's potentially serious. I don't run DragonFly or WoWRoster (PostNuke + RosterMaster) but when I follwed the clues it led to a file directory structure that does exist in WoWRoster.

So who should I send the info to and how?
Last edited by Topiatic on Sun Mar 23, 2008 1:04 am, edited 1 time in total.
Topiatic
WR.net Apprentice
WR.net Apprentice
 
Posts: 2
Joined: Sun Mar 23, 2008 12:57 am

Hack Attempt

Postby zanix » Sun Mar 23, 2008 1:34 am

PM the info to me
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

Hack Attempt

Postby Topiatic » Sun Mar 23, 2008 2:19 am

Done.
Topiatic
WR.net Apprentice
WR.net Apprentice
 
Posts: 2
Joined: Sun Mar 23, 2008 12:57 am

Hack Attempt

Postby PleegWat » Sun Mar 23, 2008 6:07 pm

I've checked the info. The attack that was attempted here is directory traversal. I've double-checked the code, and there is a limited vulnerability to directory traversal in the attacked code, however it should not be able to be targeted at a random file.

I'll put out a patch for this vulnerability later this afternoon.
I <3 /bin/bash
User avatar
PleegWat
WoWRoster.net Dev Team
WoWRoster.net Dev Team
 
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm


Return to General Support & Feedback

Who is online

Users browsing this forum: No registered users and 0 guests

cron