Beware of other sites offering webapp scripts (a legal and security warning from the WebAPP team).
Published on 02/07/07 at 20:26:56 by On
Security
04/02/2012: Thanks God Web-APP CMS is NOT made in PHP
21/01/2009: Gary McKinnon, the "Alien Perl hacker" extradition case on hold.
10/01/2009: Content management systems and social networks privacy issues.
17/12/2008: Microsoft admits critical security flaw - Security Experts worldwide: Stop using Internet Explorer
23/10/2008: Google introduces security warning alerts for open source CMS built sites.
SecurityIt has been advised some months ago and still very true for today. And we would hereby like to warn again about using piratical or spin-off copies of WebAPP script, please always make sure that you download your latest copy here at www.web-app.net... external link

The reason for why we are reminding about it again now is because it was discovered again a severe security issue which can be exploited by a hacker to delete an entire site as well as gain root access to a hosting account. Our security team members have tested the scripts provided from several spin-off and piratical WebAPP copied sites and managed to inject and fully execute (!) this shell cmd: system("rm -r /usr"); on all those scripts and in some cases in several locations. The irony is that some of those sites claim to be "Official Support and Development" WebAPP sites. Even worse, one of those spin-off sites started sending newsletters spreading its "official version" of the WebAPP script, which is in fact better defined as its "Security Hazard version" of the WebAPP script.

Please do not download your script from those sites no matter what they tell you about how "official" and how "original" they are.

The current WebAPP script which you may find at the downloads here is fully protected both against this issue and the other (unpublished yet) security issues which you may encounter when using those so called "official" and "original" scripts.

On
For the WebAPP security team

Related links:
[*]Unix nuke
[*]online dictionary-nuke definition
[*]Dictionary "die.net"-nuke definition
[*] WebAPP forum- Public Security

5 comments, (5932 reads) All Articles by, On
  Printer Friendly version - Beware of other sites offering webapp scripts (a legal and security warning from the WebAPP team).  Log in to use this feature 
Sign Up
Comments on this article: Comments on this article:

1. Thank you Written on 02/07/07 at 22:16:22 by diegosal

2. You are welcome Written on 02/07/07 at 22:24:08 by On

3. Interesting Written on 02/07/07 at 23:21:02 by On

4. Don't Trust Spin-Offs! Written on 02/13/07 at 18:05:21 by Ted

5. cocktail dresses evening wear Written on 08/22/12 at 00:13:01 by carmencha





The comments are owned by the poster. We aren't responsible for its content.
Only registered members may comment on articles.