Circuit City Discussion Board 0wned

By Roger on June 1, 2006 9:04 PM | | Comments (0) | TrackBacks (0)

I posted here and here on May 20th regarding exploitation of Invision Power Board bulletin board using in Movable Type's support forum such that the BB would serve up WMF exploits via IFRAME.

I even submitted the incident along with links to the Secunia writeup to SANS and it was published in the ISC on May 21st.

Looks like whoever is running the Circuit City Home Theatre Discussion Boards didn't get the message. According the CNET they were 0wned in the same fashion. I think it is interesting to note that unlike Movable Type, Circuit City is notifying the registered users of that board. On the other hand Circuit City apparently didn't find out about the event until notified by the SANS ISC.

The WMF exploit came out beginning of January. So people really should be patched and on top of that have antivirus. Imagine if they'd been using a newer exploit.

Categories

General

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: Circuit City Discussion Board 0wned.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/197

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on June 1, 2006 9:04 PM.

Life's Lessons: Wipe your hard drive before disposing of it was the previous entry in this blog.

HP Cuts Back on Telecommuting is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.23-en

Search