The vulnerability could be leveraged by miscreants to execute arbitrary commands on the website's host server. A lack of input sanitization allowed carefully crafted commands, submitted as a URL in a web form, to be run on the underlying Linux-powered system, as root no less, meaning anyone who found and exploited the bug could take over the dot-com's web servers.
On Thursday morning, Serbian security researcher Predrag Cujanović tweeted details of a critical flaw in Trustico's website. The site was pulled offline – it just returns a 503 error
https://www.theregister.co.uk/2018/03/01/trustico_website_offline/
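The defensive counterpart to the flaw described above, as an added example that is not code from the article or from Trustico: the form's URL field is reduced to a strictly validated hostname, passed to a helper as a single argv element with no shell involved, and the handler refuses to run as root. The helper path `/usr/local/bin/cert-check` and all function names are hypothetical, and the sample inputs in the comments are constructed.

```python
import os
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
# Shell metacharacters cannot match, so they never reach the helper.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class RejectedInput(ValueError):
    """The submitted form value is not an acceptable URL or hostname."""


def hostname_from_form(url_field: str) -> str:
    """Return the validated hostname from the form's URL field, or raise."""
    # Reject whitespace, control characters and non-ASCII before parsing.
    if len(url_field) > 2048 or any(not 0x21 <= ord(c) <= 0x7E for c in url_field):
        raise RejectedInput("unexpected characters or length")
    parts = urlsplit(url_field if "://" in url_field else "https://" + url_field)
    if parts.scheme not in ("http", "https"):
        raise RejectedInput("scheme not allowed")
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        raise RejectedInput("not a fully qualified hostname")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise RejectedInput("invalid hostname label")
    return host


def build_check_argv(url_field: str, euid=None) -> list:
    """Build the argv list for the (hypothetical) checker; never a shell string."""
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        # A web-facing handler has no reason to hold root.
        raise PermissionError("refusing to launch helper as root")
    host = hostname_from_form(url_field)
    # "--" ends option parsing, so the value cannot be read as a flag.
    return ["/usr/local/bin/cert-check", "--", host]


# Constructed usage: pass the list to subprocess.run(argv, shell=False, timeout=10).
# build_check_argv("https://www.example.com/x", euid=1000)
#   returns ["/usr/local/bin/cert-check", "--", "www.example.com"]
```

Validation alone is not the fix: the list-form argv with no shell and the unprivileged account each limit the damage if the hostname check is ever bypassed.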