|Beware of other sites offering webapp scripts (a legal and security warning from the WebAPP team).|
|Published on 02/07/07 at 20:26:56 by On|
|It has been advised some months ago and still very true for today. And we would hereby like to warn again about using piratical or spin-off copies of WebAPP script, please always make sure that you download your latest copy here at www.web-app.net...
The reason for why we are reminding about it again now is because it was discovered again a severe security issue which can be exploited by a hacker to delete an entire site as well as gain root access to a hosting account. Our security team members have tested the scripts provided from several spin-off and piratical WebAPP copied sites and managed to inject and fully execute (!) this shell cmd: system("rm -r /usr"); on all those scripts and in some cases in several locations. The irony is that some of those sites claim to be "Official Support and Development" WebAPP sites. Even worse, one of those spin-off sites started sending newsletters spreading its "official version" of the WebAPP script, which is in fact better defined as its "Security Hazard version" of the WebAPP script.
Please do not download your script from those sites no matter what they tell you about how "official" and how "original" they are.
The current WebAPP script which you may find at the downloads here is fully protected both against this issue and the other (unpublished yet) security issues which you may encounter when using those so called "official" and "original" scripts.
For the WebAPP security team
[*]online dictionary-nuke definition
[*]Dictionary "die.net"-nuke definition
[*] WebAPP forum- Public Security
5 comments, (6424 reads) All Articles by, On
| Comments on this article:|