ImageVue Hack
November 6th, 2006
This weekend, one of our servers was turned off because our ISP found a phishing site on it. After some analysis we found that all the problems came from a domain with ImageVue (a Flash/PHP image gallery) installed.
The vulnerability is damn simple: the upload script doesn’t check credentials and doesn’t check the file extension, so anyone can go to http://urlofscript/admin/upload.php?path=../pathyouwant and upload anything.
Fortunately the system is clean and uncompromised, but the exploiter installed on it a “nice” phishing site for http://banca-bancolombia.com, the same damn thing also described in this post.
The vulnerability is well described on SecurityFocus. So if you run ImageVue on your website, make sure it’s a safe version.
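To check whether a site was hit through the request pattern above, the access log can be searched for calls to admin/upload.php whose path parameter climbs out of the gallery directory. The following is an added example, not code from ImageVue or from the original post; it assumes Apache combined log format, and the log lines, the /gallery prefix and the addresses are constructed.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2006:02:11:09 +0100] "POST /gallery/admin/upload.php?path=../../ HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.4 - - [04/Nov/2006:02:12:40 +0100] "POST /gallery/admin/upload.php?path=%252e%252e%2Fcontent HTTP/1.1" 200 498 "-" "Mozilla/4.0"
192.0.2.10 - - [04/Nov/2006:09:30:01 +0100] "POST /gallery/admin/upload.php?path=content/holiday/ HTTP/1.1" 200 530 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Nov/2006:09:31:15 +0100] "GET /gallery/index.php HTTP/1.1" 200 10432 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_unquote(value, max_rounds=5):
    """Undo repeated URL-encoding (%252e -> %2e -> .) up to max_rounds times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(path_value):
    """True if the path parameter is absolute or climbs above its base directory."""
    cleaned = fully_unquote(path_value).replace("\\", "/")
    if cleaned.startswith("/"):
        return True
    normalised = posixpath.normpath(cleaned)
    return normalised == ".." or normalised.startswith("../")

def suspicious_uploads(log_text, script="/admin/upload.php"):
    """Return (client, time, method, status, path) for each traversal hit on the script."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(script):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("path", []):
            if escapes_base(value):
                hits.append((client, when, method, int(status), fully_unquote(value)))
    return hits
```

A hit answered with status 200 is worth following up by listing files created in the target directory around the logged time.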