[SATLUG] Hacked!

Lance Schneider schneider.lh at gmail.com
Mon Mar 5 17:51:50 CST 2012


Classic use of escape characters to circumvent PHP and inject SQL code to
discover the entire structure of the DB to pick the carcass clean at the
hacker's leisure. I REALLY need to pay more attention to this stuff,
myself. This experience makes for a great tutorial.

On Mon, Mar 5, 2012 at 5:43 PM, Steev Klimaszewski <threeway at gmail.com> wrote:

> On Mon, Mar 5, 2012 at 4:58 PM, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
> > The server was hacked this morning.  Thanks to Frank Huddleston we caught it
> > early.  The problem was that I put up a poorly designed script that allowed
> > an anonymous user to upload a file to a location that could be executed.
> >
> > My excuse is that I wrote the script in 2007.  Well that's not really an
> > excuse, but it's been sitting there since then.
> >
> > The hack script that is uploaded can be reviewed at
> > http://www.satlug.org/sec.phps
> >
> > I'm still reviewing it, but sing out if you see something interesting.
> >
> > The only user accessed appeared to be apache and only the file changed that
> > I can tell was index.html.  I'll watch the site a little closer.
> >
> >  -- Bruce
> > --
> > _______________________________________________
> > SATLUG mailing list
> > SATLUG at satlug.org
> > http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
> > Powered by Rackspace (www.rackspace.com)
>
>
> Looks to be quite similar (probably just has the Chinese characters
> removed from it) to http://www.hackerbox.net/angel.txt
> --
>
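A hardened version of the upload pattern Bruce describes, as an added example (not the satlug.org script or anything from the thread): the file is content-sniffed, stored outside the document root under a server-chosen name, and marked non-executable, so nothing the anonymous user submits ends up at a path the web server will run. The upload directory, size limit and allowed-type list are assumptions.

```php
<?php
// Added example, not the satlug.org script. Assumes UPLOAD_DIR is outside
// the document root and the web server never serves or executes files there.
declare(strict_types=1);

const UPLOAD_DIR = '/var/uploads/incoming';   // assumption: not under htdocs
const MAX_BYTES  = 2 * 1024 * 1024;            // constructed limit: 2 MiB
// Server-side map from sniffed MIME type to the extension we will assign.
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'text/plain' => 'txt'];

function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // is_uploaded_file() guards against a forged tmp_name pointing elsewhere.
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected');
    }
    // Sniff the bytes; the client-supplied name and type are untrusted input.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // Server-chosen name: no path components, no attacker-chosen extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // never executable, readable only by the service
    return $name;         // store this id in the DB with a prepared statement
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    echo htmlspecialchars(storeUpload($_FILES['upload']), ENT_QUOTES, 'UTF-8');
}
```

If the uploaded content must be served back, do it through a download script that reads from UPLOAD_DIR and sets its own Content-Type, rather than by exposing the directory.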

