Security: "Nukes" Security Hole !!
Posted by: WildManOn 2002/1/10 1:33:26 4285 readsI run the site GroundZero. A while back it got hacked several times in a row. All that was done was replacing the index so not really a big deal but annoying. I now know how they were able to gain access to my site and they could very easily do it to some of yours...
I was using a module called netquery and a file called netinfo. Both of these apparently don't parse the form correctly and when the right IP and file are inserted and a traceroute done they give full access to your passwords and database and all. I liked the modules and it would be great if someone could fix them (if there is already a fix for this please let me know) but until then I recommend that you remove them from your sites.
If anyone is interested in how email me at wildwoman@xtremeoverclockers.com