KUSABA VULNERABILITY (72)

1 Name: serv : 2008-10-09 20:42 ID:p0Jgjy3k

A SERIOUS SECURITY VULNERABILITY HAS BEEN DISCOVERED AND HAS BEEN USED TO CRIPPLE 711CHAN, 99CHAN, ASSCHAN, AMONG OTHERS.

ALLOWS REMOTE LINUX COMMAND EXECUTION

http://pastebin.com/m13fd6ab0

DELETE OR RENAME AFFECTED FILES IMMEDIATELY!!!!!!!!

2 Name: anon1451 : 2008-10-09 20:44 ID:vv8b7m1A

FFFFFFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUUUUUUUUU-

3 Name: serv : 2008-10-09 20:52 ID:p0Jgjy3k

4 Name: Anonymous : 2008-10-09 22:14 ID:Heaven

that is too funny.

5 Name: Eleo!EhVtXXdTd6 : 2008-10-09 23:06 ID:3aJNMgFW

That's awesome.

6 Name: Anonymous : 2008-10-10 07:24 ID:Heaven

Best thing to happen to the *chan scene in years.

It's about time all the shitty *chans get wiped out.

Good luck trying to patch it up, Serv.

7 Name: Anonymous : 2008-10-10 07:25 ID:Heaven

8 Name: serv : 2008-10-10 07:54 ID:HLRGG9o+

good luck trying to take me out.

I did what a good admin would do.

I shut all my image boards off from the public, then disabled the affected files.

9 Name: serv : 2008-10-10 08:05 ID:HLRGG9o+

Also I agree that the shitty *chans need to be wiped out. They are overcrowding the imageboard market.

As I see it, the age of all encompassing *chans has ended.
It is now the age of niche *chans.

also new exploit: http://www.milw0rm.com/exploits/6711

10 Name: Anonymous : 2008-10-10 08:17 ID:Heaven

>>9
Serv says:

>Also I agree that the shitty *chans need to be wiped out. They are overcrowding the imageboard market.

Let me pinpoint that for you all

>the shitty *chans need to be wiped out.

11 Name: Anonymous : 2008-10-10 10:10 ID:2V4VzLqA

FINALLY!

Awesome news.

Please, no one release patches for this. I know Trevor won't.

Why am I not surprised to see januszeal's name on that log? That faggot's name is attached to every single "i am a *chan h4x0r lulz" activity.

12 Name: Anonymous : 2008-10-10 10:22 ID:PJ6QT3L/

So, the question is why are the ones who are on the list, well, on the list?

A large number of them are ones that are never visited anyway, so I don't see why they got attacked when it effectively does nothing to them.

It's frankly nice to see img.pushthenet.com go down the shithole, but I'm not entirely sure why he bothered with some of the other ones.

So, the load_receiver.php exploit has a fix, but it's not looking like paint.php does. Anyone care to humor me?

13 Name: Anonymous : 2008-10-10 10:25 ID:Heaven

>>12
Some people have figured out a fix already (on both of them), but to protect the world from moar shitty *chans the code is super top sekrat.

14 Name: Anonymous : 2008-10-10 10:31 ID:PJ6QT3L/

>>13

That's kinda unfair on the genuinely good chans running kusaba (lol, I'm struggling not to laugh)

Sites like paintchan are genuinely pretty nice, so I'm hoping somehow they'll at least hear about this fix.

>>11
lol, was going to say the same thing myself.

ALSO, SRSLY.

WHY DIDN'T THAT SKIDDIE TAKE DOWN THE BOARD FULL OF FURRIES.

15 Name: Anonymous : 2008-10-10 10:37 ID:Heaven

Why the fuck hasn't anyone used this to down PushTheNet?

16 Name: Anonymous : 2008-10-10 10:41 ID:PJ6QT3L/

>>15

It's on the list, but apparently the skiddie who found the exploit has decided pushthenet isn't worth his time. Probably true tbh :P

17 Name: Anonymous : 2008-10-10 11:35 ID:Heaven

>>16
No, I mean, he hacked into them but he didn't do anything malicious.

Here's mod logs from http://tehsausage.com/paste/img-pushthenet

(read backwards)

Time User Action
08/10/08(Wed)18:01 WHY DO YOU HATE ME Logged in
08/10/08(Wed)18:00 Added staff member - Administrator: WHY DO YOU HATE ME
08/10/08(Wed)12:20 Tahko Ran cleanup
08/10/08(Wed)12:18 Tahko Logged in
08/10/08(Wed)12:04 Tahko Deleted post #11368 - /nm/
08/10/08(Wed)11:43 Tahko Modposted #11366 in /nm/ with flags: S.
08/10/08(Wed)11:38 Tahko Unstickied thread #11325 - /nm/
08/10/08(Wed)11:37 Tahko Logged in
08/10/08(Wed)09:28 Tahko Logged in
08/10/08(Wed)09:18 rommel Deleted post #11364 - /nm/
08/10/08(Wed)09:16 rommel Deleted staff member: asdf
08/10/08(Wed)09:16 rommel Added staff member - Administrator: asdf
08/10/08(Wed)09:16 Tahko Deleted staff member: Sausage
08/10/08(Wed)09:15 Tahko Logged in
08/10/08(Wed)09:08 rommel Logged in
08/10/08(Wed)08:27 Sausage Modposted #11364 in /nm/ with flags: DN.
08/10/08(Wed)08:20 Sausage Viewed disk space used
08/10/08(Wed)08:19 Sausage Logged in
08/10/08(Wed)08:18 Added staff member - Administrator: Sausage

18 Name: Anonymous : 2008-10-10 15:55 ID:vuPgLzji

Serissa's site was taken down with it. lol. That's what they get for not knowing how to code.

19 Name: oh : 2008-10-10 18:20 ID:CrzzQsZy

>>18
Another ignorant moron who doesn't know what he's talking about. The vulnerability was discovered in kusaba 1.0.4 due to a bug in tee's code. It had nothing to do with Serissa. I've taken the site down to patch the security issues.

20 Name: Anonymous : 2008-10-10 18:51 ID:XKTuYgT8

>>19
If you had any shred of decency left, you would just keep Serissa's site down.

Let Trevorchan die, please.

21 Name: Sausage : 2008-10-10 19:04 ID:ewqvODKS

Sorry. All those random sites were just me checking what % might be affected, and boredom.

(numbers are the order checked, giving the first about 50%)

22 Name: Anonymous : 2008-10-11 02:19 ID:Heaven

>>21
Why not take Img.Pushthenet.com down for good?

The internet would be a much better place.
