XOOPS Web Application System (https://xoops.org)
Powered by You!
"Nukes" Security Hole !!
Category : Security | Published by WildMan on 08-Jan-2002 16:48I run the site GroundZero. A while back it got hacked several times in a row. All that was done was replacing the index so not really a big deal but annoying. I now know how they were able to gain access to my site and they could very easily do it to some of yours...
I was using a module called netquery and a file called netinfo. Both of these apparently don't parse the form correctly and when the right IP and file are inserted and a traceroute done they give full access to your passwords and database and all. I liked the modules and it would be great if someone could fix them (if there is already a fix for this please let me know) but until then I recommend that you remove them from your sites.
If anyone is interested in how email me at wildwoman@xtremeoverclockers.com
I was using a module called netquery and a file called netinfo. Both of these apparently don't parse the form correctly and when the right IP and file are inserted and a traceroute done they give full access to your passwords and database and all. I liked the modules and it would be great if someone could fix them (if there is already a fix for this please let me know) but until then I recommend that you remove them from your sites.
If anyone is interested in how email me at wildwoman@xtremeoverclockers.com