TWiki: input sanitizing
Posted Dec 2, 2004 18:08 UTC (Thu) by toehser (guest, #16968)
Parent article: TWiki: input sanitizing
This bug is actively being scanned for in the wild. It affects not only Gentoo, but any unpatched TWiki older than the 20040902 release. The attacks in the wild typically start a remote shell as your web server user, start up some spam gateways, download the .htpasswd files, and leave some other daemons of unknown purpose with innocuous names running as the web server user. Your web pages may all be defaced. You will then be open to any privilege escalation attacks they can muster. Don't ignore this one.