Showdog Tiger
Registered User
Join date: 30 Nov 2005
Posts: 404
|
09-09-2006 17:05
From: Joshua Nightshade
Mulch can't think with much beyond his penis. He's like a single-celled organism in that respect. Like = sex & food. Dislike = hot and Prok. By those standards as a dark elf I'm sure Mulch likes you very much. No I kid. I love Mulchie. What'd the sonofabitch do?

Dearly Darlings,
I have absolutely no clue what you are all talking about. I thought most single-celled organisms reproduce via asexual reproduction. No penis there. Next you are using a term "Vetting," I know this word from animals....is this the same thing? Or is it something about that coding stuff you all refer to?
You take the program, look at it to see if it looks correct for whatever function it's been made for (Conformation). Then you take it to the QA people (A Veterinarian) and have it looked at for problems, and if it passes muster then you use it? (Purchase and Use.)
If this is right....why are there problems...are the QA people not looking for the right things?
Ever Yours,
Mrs. Showdog Tiger
_____________________
Dogdom Doge
|
Joshua Nightshade
Registered dragon
Join date: 12 Oct 2004
Posts: 1,337
|
09-09-2006 17:10
From: Showdog Tiger
Dearly Darlings,
I have absolutely no clue what you are all talking about. I thought most single-celled organisms reproduce via asexual reproduction. No penis there. Next you are using a term "Vetting," I know this word from animals....is this the same thing? Or is it something about that coding stuff you all refer to?
You take the program, look at it to see if it looks correct for whatever function it's been made for (Conformation). Then you take it to the QA people (A Veterinarian) and have it looked at for problems, and if it passes muster then you use it? (Purchase and Use.)
If this is right....why are there problems...are the QA people not looking for the right things?
Ever Yours,
Mrs. Showdog Tiger

Words are incapable of encompassing to a true extent the love I have for you.
_____________________
 Visit in-world: http://tinyurl.com/2zy63d http://shop.onrez.com/Joshua_Nightshade http://joshuameadows.com/
|
Yiffy Yaffle
Purple SpiritWolf Mystic
Join date: 22 Oct 2004
Posts: 2,802
|
09-09-2006 17:17
TERROR!!!! AAAHAAaaAAHaaHHahhhh.......... *door slam* hehe
|
Von Tripp
Registered User
Join date: 28 Apr 2006
Posts: 6
|
09-10-2006 04:52
From: Foolish Frost
Ah, you design web interface systems for thousands of users? And are a security expert?
I doubt it.

Yes actually...
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
09-10-2006 05:23
This is the specific exploit:

TikiWiki Configure Script JHot.PHP Remote Command Execution Vulnerability

TikiWiki is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. TikiWiki 1.9.4 and prior versions are vulnerable to these issues; other versions may also be affected.

http://isc.incidents.org/diary.php?storyid=1672&isc=0e31943b6b6dd9350c83244ea9e9deb9

Both pmwiki and tikiwiki are being exploited by separate vulnerabilities.

This was a critical security flaw that has been patched, but there have been active bots on the IRC hitting sites looking for this vulnerability, then combining it with a search for known vulnerabilities in Linux.
_____________________
Cristiano ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. 
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
09-10-2006 05:30
From: Uma Bauhaus
I found information on a WordPress Paged Parameter SQL Injection Vulnerability which can be seen in detail here. It looks like it affects WordPress 2.0.2 through 2.0.5. Could this be it? I don't know enough about WordPress, SQL, or security to do anything more than speculate. Comments from experts would be much appreciated.

The vulnerability was not in the blog software, it was in one of the support wikis that had been phased out but was still on the site. The wiki itself might not have been accessing the main DB, but the exploit allowed full execution rights on the web server itself, and there is other web software on the server that does have direct access to account info - I imagine this is how they were able to obtain access. This vulnerability did not appear to have anything to do with a SQL injection attack, although one might have been used in conjunction with the exploit.

For the uninitiated, a SQL injection attack takes advantage of the nature of SQL (a language used to retrieve and update database information) to get it to do more than intended (the injection part). It can turn an innocuous database query that is pulling out a simple list of products into code that deletes all the users from a database or retrieves everyone's password. It is an easy type of attack to prevent by using proper program design, but the vulnerabilities still slip into programs because developers take shortcuts or are unfamiliar with how to prevent an attack.
|
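The "proper program design" point in the post above, as an added example that is not part of the thread and not code from the site involved: the same product-list query built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table names, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a product list and an unrelated users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT);
        CREATE TABLE users (login TEXT, pw_hash TEXT);
        INSERT INTO products VALUES ('red hat', 'hats'), ('blue hat', 'hats'),
                                    ('boots', 'shoes');
        INSERT INTO users VALUES ('alice', 'constructed-hash-1'),
                                 ('bob', 'constructed-hash-2');
    """)
    return db

def list_products_concat(db, category):
    # Weak form: the request value becomes part of the SQL text itself,
    # so a quote character in it changes the structure of the statement.
    sql = ("SELECT name, category FROM products WHERE category = '"
           + category + "'")
    return db.execute(sql).fetchall()

def list_products_param(db, category):
    # Corrected form: the statement text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# Constructed input that closes the string literal and appends a second query.
HOSTILE = "x' UNION SELECT login, pw_hash FROM users --"

def compare(value):
    """Return (concat_result, param_result); 'error' if the SQL fails to parse."""
    db = make_db()
    try:
        weak = sorted(list_products_concat(db, value))
    except sqlite3.OperationalError:
        weak = "error"
    return weak, sorted(list_products_param(db, value))

if __name__ == "__main__":
    for value in ("hats", "kids' hats", HOSTILE):
        weak, safe = compare(value)
        print(repr(value), "\n  concatenated:", weak, "\n  parameterized:", safe)
```

The concatenated version also fails on a legitimate value containing an apostrophe, which is often the first visible symptom of the flaw in application logs.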