zlacker

Thread: ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
1. voiper+83 2020-06-22 12:04:25
>>itcrow+(OP)
>“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

So they are spinning it as a user's fault? Not the fault of Netsential for allowing malicious content to be a problem...

2. Nextgr+e7 2020-06-22 12:44:09
>>voiper+83
This smells of legacy PHP where any PHP file uploaded to a web-accessible folder can be executed.
3. Cthulh+2s 2020-06-22 14:49:22
>>Nextgr+e7
Likely. I've unfortunately had the displeasure of being a victim of that, probably an off-the-shelf scanner that exploited a WordPress weakness.

That said, I do think PHP software should be distributed in such a way that the files are both locked for editing by the PHP process itself and verified regularly. I've been using XenForo on my website for a while, and it's giving me e-mail warnings that a file has changed (I did a customization), so it does exist.

But yeah, that particular category of error can be mitigated via config; disallow PHP execution in an upload folder, disallow PHP to add or edit files in the application folder, etc.
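The "verified regularly" part of the previous comment, as an added example that is not from the thread or from any product mentioned in it: a small POSIX shell baseline-and-verify check that records a SHA-256 manifest of an application tree and later reports any modified, missing or new file, which is exactly how a dropped webshell or a patched `config.php` shows up. It assumes a hypothetical layout where the application code lives under one directory and user uploads live in an `uploads/` subdirectory that is deliberately excluded from the manifest (uploads are expected to change; code is not), and that the manifest itself is stored outside the web root in a place the PHP worker cannot write to. Paths containing spaces are not handled, since `sha256sum` output is split on whitespace.

```shell
#!/bin/sh
# Added example, not code from the thread. Integrity baseline for a PHP
# application tree: make_baseline records one sha256 line per file,
# verify_baseline compares the tree against that record.
# Assumed (hypothetical) layout: $APP_DIR/ holds code, $APP_DIR/uploads/ holds
# user content and is excluded; the manifest lives outside the web root.

# make_baseline APP_DIR MANIFEST_FILE
# Writes "hash  ./path" for every regular file under APP_DIR except uploads/.
make_baseline() {
    mb_dir=$1
    mb_out=$2
    ( cd "$mb_dir" && find . -type f ! -path './uploads/*' -print0 \
        | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$mb_out"
}

# verify_baseline APP_DIR MANIFEST_FILE
# Prints one line per difference, formatted "MODIFIED ./path", "NEW ./path"
# or "MISSING ./path", and returns 1 if there was any; returns 0 when the tree
# matches the manifest exactly.
verify_baseline() {
    vb_dir=$1
    vb_manifest=$2
    vb_current=$(mktemp)
    make_baseline "$vb_dir" "$vb_current"
    # FILENAME==ARGV[1] (rather than NR==FNR) keeps the two-file idiom correct
    # even when the baseline manifest is empty.
    vb_report=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }
        { cur[$2] = $1 }
        END {
            for (p in cur)  if (!(p in base))               printf "%-8s %s\n", "NEW",      p
            for (p in base) if (!(p in cur))                printf "%-8s %s\n", "MISSING",  p
            for (p in base) if ((p in cur) && base[p] != cur[p]) printf "%-8s %s\n", "MODIFIED", p
        }' "$vb_manifest" "$vb_current" | LC_ALL=C sort)
    rm -f "$vb_current"
    if [ -n "$vb_report" ]; then
        printf '%s\n' "$vb_report"
        return 1
    fi
    return 0
}

# Stand-alone demo: `sh integrity.sh --demo` builds a throwaway tree, takes a
# baseline, tampers with it the way an upload-based attack would, and reports.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/app/inc" "$demo/app/uploads"
    printf '<?php echo "hello";\n' > "$demo/app/index.php"
    printf '<?php $db = "prod";\n'  > "$demo/app/inc/config.php"
    make_baseline "$demo/app" "$demo/manifest.sha256"
    echo "baseline taken: $(wc -l < "$demo/manifest.sha256") files"
    printf '<?php eval($_POST["c"]);\n' > "$demo/app/inc/config.php"   # tampered
    printf '<?php system($_GET["c"]);\n' > "$demo/app/shell.php"       # dropped file
    printf 'not php' > "$demo/app/uploads/avatar.png"                  # ignored
    verify_baseline "$demo/app" "$demo/manifest.sha256" || echo "tree differs from baseline"
    rm -rf "$demo"
fi
```

Run `verify_baseline` from cron and mail its output, and you have the same class of warning the comment describes. The check only has value if the manifest and the script cannot be rewritten by the process that serves the site, which is the other half of the comment: own the code tree by a deploy user (`chown -R deploy:www-data app/ && chmod -R u=rwX,g=rX,o= app/`), leave only `uploads/` writable by the PHP worker, and tell the web server never to execute anything under it (in nginx, for instance, a `location ~* ^/uploads/.*\.php$ { return 403; }` placed before the PHP handler; the exact rule depends on your server and its existing configuration).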
