Cold Fusion web sites getting compromised

Author	All Replies
VikingBob join:2004-06-05 Ste Anne, MB ·MTS	Cold Fusion web sites getting compromised From »isc.sans.org/diary.html?storyid=6715 There have been a high number of Cold Fusion web sites being compromised in last 24 hours. We received several e-mails about this. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. The attacks we've been seeing in the wild end up with inserted tags into documents on compromised web sites. As you can probably guess by now, the script tags point to a whole chain of web sites which ultimately serve malware and try to exploit vulnerabilities on clients.
VikingBob join:2004-06-05 Ste Anne, MB ·MTS	to forum · permalink · · 2009-07-02 22:25:17 ·
VikingBob join:2004-06-05 Ste Anne, MB	Update from ISC: »isc.sans.org/diary.html?storyid=6730
VikingBob join:2004-06-05 Ste Anne, MB	to forum · permalink · · 2009-07-05 11:56:43 ·
Link Logger Premium,MVM join:2001-03-29 Calgary, AB	reply to VikingBob Its so easy to whack a truck load of websites it hurts, insert malware and all of a sudden its a browser problem. Blake
Link Logger Premium,MVM join:2001-03-29 Calgary, AB	to forum · permalink · · 2009-07-07 05:22:58 ·
SnowyOne Premium join:2003-04-05 Kailua, HI	It's a good thing that the browser is responsible for the system. Imagine if that task belonged to web content.
SnowyOne Premium join:2003-04-05 Kailua, HI	to forum · permalink · · 2009-07-07 06:10:35 ·


Thursday, 03-Dec 01:31:38	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF