Home  | FAQ  | Search  | Memberlist  | Usergroups  | Register  | Profile  | Log in  | Log in for your private messages
Hacker Exploit/Security Vulnerability in MyCalendar

 
Post new topic   Reply to topic    myWebland Forum Index -> myCalendar
View previous topic :: View next topic  
Author Message
Wrath
Newbie


Joined: 19 Apr 2006
Posts: 1

PostPosted: Wed Apr 19, 2006 1:35 am    Post subject: Hacker Exploit/Security Vulnerability in MyCalendar Reply with quote

Hello,

I have been using MyCalendar for about a year now, and have had to remove it after a hacker group defaced one of my websites by exploiting a remote file inclusion vulnerability in MyCalendar to grant the attackers a web shell, allowing them to execute commands remotely.

Fortunately for me, these hackers just wanted to deface the home page and other points of entry, but they left all other files and data intact, and after I overwrote the pages they defaced with the originals I had backed up, all was well.

However, after consulting my webhost, we had to delete the MyCalendar program from the site and look for a more secure replacement. The Linux Administrator for my web host was able to find several other vulnerabilities with MyCalendar in just a matter of minutes.

They used this... http://svt.nukleon.us/tools/c99shell.txt?&cmd=u
name%20-a

If you go to that page you'll find the tool/code used to screw everything up on my site. Don't worry, it's just text/code on a page if you want to look at it.

Another thing to note, they could not delete files on my account, they were only able to rename the index.html and index.php files then insert index.htm files or recode the index.php files they wanted to deface.

Thought you and others might want to know about this before they install MyCalendar on their site, or if they already have the program they might want to try removing anything that says MyCalendar or any linsk to this site so that these hacker can't find their sites in web searches then deface them.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    myWebland Forum Index -> myCalendar All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
TNX?

Error. Page cannot be displayed. Please contact your service provider for more details. (31)




Powered by phpBB © 2001, 2005 phpBB Group
Contact Us