|
|
|
|
News |
|
[ In a world of risk, know who to trust ] |
|
|
Current security industry news |
|
Flawed wiki software allows for creation of botnets
The SANS Institute's Internet Storm Centre has reported that bugs that are present in Pmwiki and Tikiwiki software are allowing the creation of botnets. Wiki software consists of web-based applications that allow web users to add, remove and change the content in websites that rely on a collaboration of readers to enhance the information. An example of this type of website is wikipedia online encyclopaedia.
SANS claims that there are vulnerabilities in all versions of Tikiwiki up to and including 1.9, as well as all versions of Pmwiki including 2.1.19. It is also thought that the flaws are present because of a virus writer.
While the hole in the Pmwiki application can only be used when the "Register_globals" feature is in use, the Tikiwiki bug has no such limitation and can be used regardless.
The flaws allow cyber criminals to launch a bot that accesses Undernet IRC servers and also to send a number of attacks and exploits to the infected machines.
It has been advised that users upgrade Pmwiki to circumvent this attack, while Tikiwiki users have been told to use a workaround until there are patches available.
Read the original article here
http://www.theregister.co.uk/2006/09/07/wiki_exploit/
|
|
|
|
