I thought people here who use, own or visit article directories might like to know that a random search of mine has made me aware that someone or a group called x-xt"mpu_gandring"x-xt seems to have compromised a large number of article direcories. I don’t know what this guy’s plans for the directories are but I wouldn’t want to sit around and wait for it if I owned one. Btw I don’t know what this vulnerability is but I’m sure they all use a pre-made script which is why they are all affected.
It seems to be limited to a SQL injection vulnerability with the Article Dashboard application.
From Secunia
Solution:
Restrict access to the “admin/” directory (e.g. with “.htaccess”).
hmm pretty lame that you can do an SQL injection on article dashboard. But this guy just chose to inject his hacking nickname in there. He could have put something malicious on there as well if he had wanted to.
Maybe they did do more. Imagine giving yourself an Admin account to every site. Or how much would a list of all those registered member email addresses fetch on the SPAM market? Most likely though, because of the prominent name display, it’s just some script kiddie that thinks they’re a “master hacker” because they managed to exploit a published vulnerability.
Yes, the professional, organized crime type of hackers that seem to become more abundant wouldn’t make any changes to the site that would give them away. They would either inject some malicious code that would drop trojans or harvest the data as you suggested.
Btw, some of these do do that since I surfed one of those sites yesterday and it tried to hit me with the Zlob trojan. Even though it wasn’t connected to any video or so. But that site didn’t have this script kid’s name plastered across it.
Some hacker hacked into our articledashboard site repeatedly. They even threw in a trojan. We’ve since converted to the more secure wordpress platform. So far so good - <snip/>