ZDNet Australia: Puzzling Site Attacks Expose Open Source Glitch
Feb 13, 2004, 16:00 (1 Talkback[s])
(Other stories by Andrew Colley)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
[ Thanks to Jason
Greenwood for this link. ]
"A recent spate of attacks on Macromedia Flash developer
community Web sites has exposed a potential security threat in a
common open source mailing list application.
"Jesse Stratford, co-founder of actionscripts.org, one of three
Flash enthusiast sites hijacked over recent weeks, said hackers
managed to compromise his server using a vulnerable PHP script in
EMML (EternalMart Mailing List Manager).
"It took two separate attacks on the site to spot the security
vulnerability, Stratford explained. The hackers were able to cover
their tracks when the first attack took place around two weeks ago
but were less successful in the second attack, which came within
hours of actionscript.org's announcement on Saturday that it had
recovered the site..."