Subject: The mailing list for listmasters using Sympa
List archive
[sympa-users] squl injection problem on sympa 6.0.1
- From: Riccardo Veraldi <address@concealed>
- To: address@concealed
- Subject: [sympa-users] squl injection problem on sympa 6.0.1
- Date: Fri, 19 Mar 2010 20:15:32 +0100
Hello,
right today I had a weird problem.
I noticed a lot of new subtopics in the main Home topic page.
For each topic in my Home main page there are the following subtopics:
# SnoopServlet
# nessus
# portal
# snoop
# snoopservlet
# struts
Actually I did not create them in topics.conf
The file is untouched.
These new created subtpics instead are present into the mysql DB of sympa.
But I did not create them in the DB.
It looks like someone did a sql injection which had success.
I also have now a very huge bulkspool_table, is it normal ?
I have latest CentOS 5.4 release installed on my sympa with latest webserver and recent mysql server.
How this injection could be possible ?
might it be a nessus probe conseguence ?
thank you
Rick
- [sympa-users] squl injection problem on sympa 6.0.1, Riccardo Veraldi, 03/19/2010
Archive powered by MHonArc 2.6.19+.