Greenguy's Board


2013-08-11, 09:10 AM   #2
JK
Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button
 
Join Date: Nov 2003
Posts: 157
Hi cd34, please excuse my ignorance but are the hackers able to override the .htaccess file by simply deleting the contents or the .htaccess file completely due to elevated privileges or some such through whatever means? (Maybe a more familiar term for techs could be elevated privilege, cross site scripting, SQL injection etc?)

Also, is this a common attack vector on .htaccess files or specific to a bug in Tube Ace which allows them to override/edit/delete .htaccess files and/or any other file on the server?

If my limited knowledge is somewhat correct, it appears as though the following directories:

domain.com/avatars/
domain.com/cache/
domain.com/thumbs/
domain.com/uploads/

Are susceptible to allowing uploads and hence the execution of potentially malicious/dangerous CGI scripts consisting of (Python, Perl, or PHP scripts) that can be uploaded to the above directories due to some bug such as not sufficiently checking the filename/filetype (or many more advanced measures) or simple user input validation?

I'm interested to know if this could affect a lot more than just Tube Ace, or if it's a simple oversight by this one script that is usually accounted for.
__________________
To alcohol! The cause of, and solution to, all of life’s problems

Last edited by JK; 2013-08-11 at 09:20 AM..
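
Added example, not part of JK's post and not Tube Ace code: a read-only audit that walks the four upload directories named in the post, lists files whose names carry a script extension anywhere (including double extensions), and reports which of those directories have no .htaccess file. The extension list, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Directory names come from the post; the extension list is an assumption.
UPLOAD_DIRS = ("avatars", "cache", "thumbs", "uploads")
SCRIPT_EXTS = {"php", "phtml", "pl", "py", "cgi", "sh"}


def script_like(filename):
    """True if any dot-separated part after the base name is a script extension."""
    # Every part is checked so that 'photo.php.jpg' is caught: some Apache
    # handler configurations still hand such names to the interpreter.
    parts = filename.lower().split(".")[1:]
    return any(p in SCRIPT_EXTS for p in parts)


def audit(webroot):
    """Return (script_like_files, dirs_without_htaccess) under webroot."""
    findings, no_htaccess = [], []
    for name in UPLOAD_DIRS:
        top = os.path.join(webroot, name)
        if not os.path.isdir(top):
            continue
        if not os.path.isfile(os.path.join(top, ".htaccess")):
            no_htaccess.append(name)
        for dirpath, _dirs, files in os.walk(top):
            for f in files:
                if f != ".htaccess" and script_like(f):
                    rel = os.path.relpath(os.path.join(dirpath, f), webroot)
                    findings.append(rel.replace(os.sep, "/"))
    return sorted(findings), sorted(no_htaccess)


def build_sample(root):
    """Create a constructed sample tree so the audit runs offline."""
    for rel in ("avatars/.htaccess", "avatars/me.jpg", "thumbs/.htaccess",
                "thumbs/t1.php.jpg", "uploads/clip.mp4", "uploads/x/up.php"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        hits, missing = audit(root)
        print("script-like files:", hits)
        print("no .htaccess:", missing)
```

Against a real site, call `audit()` with the document root instead of the sample tree; the function only reads the file system.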
All times are GMT -4.