|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 146
Members: 0
Total: 146
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Emptying new's table! |
|
Posted: Sun May 11, 2008 2:27 pm |
|
|
neodesc |
Regular user |
|
|
Joined: Jan 16, 2006 |
Posts: 7 |
|
|
|
|
|
|
|
The other day I found one of the websites I often visit without any news whatsoever in their db and it's a news site with thousands of them lol
The site: http://tinyurl.com/mcozb
They just restored a backup.
It happened to me a few years ago when I was still running phpnuke.
How did they do it? |
|
|
|
|
Posted: Sun May 11, 2008 2:47 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Somebody probably got admin access and then just erased all news. There is lot's of security holes in phpnuke older versions. And most of the third-party modules are not securely written. When attacker succeeds in finding sql injection or LFI/RFI hole, then admin account compromise may be possible. |
|
|
|
|
Posted: Sun May 11, 2008 9:31 pm |
|
|
neodesc |
Regular user |
|
|
Joined: Jan 16, 2006 |
Posts: 7 |
|
|
|
|
|
|
|
Thank you for answering so fast Janek.
When someone did this exactly same thing to me they didn't get admin access.
Besides he has that thing on his admin http://tinyurl.com/66gbu3
And they would have done something else like placing links or whatever.
I'm pretty sure they didn't get access to the admin panel. There must be something else.... but if you don't know how to do it I guess it can't be done |
|
|
|
|
|
|
|
|
Posted: Sun May 11, 2008 10:40 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
There are infinite count of ways to accomplish some goal. If attacker has found one or couple of security holes, then escalation can be possible. Basic auth can't stop this. For example, if there is local file disclosure bug, then attacker can read .htaccess and .htpasswd and then try to crack stolen auth hash.
By the way, there is publicly exposed phpmyadmin interface:
http://www.********.com/phpmyadmin
It is protected with basic auth too, but still this is another possible attack vector.
And - without seeing webserver logs there is no way to figure out, how attack has been done. We can just guess and speculate ... |
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|