Website hacked by exploiting a vulnerability in the MoinMoin wiki engine

Posted: January 10, 2013 in IT Security News

Attackers compromised a database containing the wiki's email addresses and password hashes.

The Debian project has published a detailed report on the security audit of the hacked site, after the administrators announced the discovery of a leak of user data. At the end of last week, the site's administrators reported finding traces of a dump of the database of email addresses and password hashes. It turned out that the intrusion was possible because a vulnerability in the MoinMoin wiki engine, which its developers had fixed in December of last year, had not been patched on the site. The underlying vulnerability allows attackers to execute their own code on the server that hosts the wiki.

The site's administrators have started moving the project to a new server and have begun a wiki password change program.

According to the analysis of the old server, the attackers were not able to obtain administrative access to the site, so their exploration of the system was limited to what one of its users could do. However, the investigators recorded a database leak, which prompted the password change process. The experts also found that the Tor network was used to hide the traces of the attack, and that a web-shell backdoor was installed to explore the system.

Note that almost immediately after the results of the server investigation were published, the administrators of the Python project, which uses the same engine, reported detecting an intrusion into their site, which was compromised the day before the release of the MoinMoin 1.9.6 update with security fixes.

During this attack the attacker also could not obtain root access, and was discovered while trying to remove the traces of their presence on the system.

However, the attacker could still compromise the database of password hashes of the Python and Jython site users. The administrators immediately initiated a password change process and warned all users whose credentials may have been compromised about what happened.
