I've been alerted to a url hack attempt at my site that I'd like to pass along in case it's potentially serious. I don't run DragonFly or WoWRoster (PostNuke + RosterMaster) but when I follwed the clues it led to a file directory structure that does exist in WoWRoster.
So who should I send the info to and how?
Hack Attempt
4 posts
• Page 1 of 1
Hack Attempt
by Topiatic » Sun Mar 23, 2008 1:03 am
Last edited by Topiatic on Sun Mar 23, 2008 1:04 am, edited 1 time in total.
- Topiatic
- WR.net Apprentice
- Posts: 2
- Joined: Sun Mar 23, 2008 12:57 am
Hack Attempt
by zanix » Sun Mar 23, 2008 1:34 am
PM the info to me
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
-
zanix - Admin
- WoWRoster.net Dev Team
- UA/UU Developer
- Posts: 5546
- Joined: Mon Jul 03, 2006 8:29 am
- Location: Idaho Falls, Idaho
- Realm: Doomhammer (PvE) - US
Hack Attempt
by PleegWat » Sun Mar 23, 2008 6:07 pm
I've checked the info. The attack that was attempted here is directory traversal. I've double-checked the code, and there is a limited vulnerability to directory traversal in the attacked code, however it should not be able to be targeted at a random file.
I'll put out a patch for this vulnerability later this afternoon.
I'll put out a patch for this vulnerability later this afternoon.
I <3 /bin/bash
-
PleegWat - WoWRoster.net Dev Team
- Posts: 1636
- Joined: Tue Jul 04, 2006 1:43 pm
4 posts
• Page 1 of 1
Return to General Support & Feedback
Who is online
Users browsing this forum: No registered users and 1 guest