12-21-2007, 07:42 AM
Why
MFBA
 
Join Date: Mar 2003
Location: PNW
Posts: 7,230
NATS uses Smarty and there are known exploits to Smarty.

Does your members area use any open source software? Or do any of your servers whose IP is allowed into the NATS database have any?

Here is a scenario... Open source forum/ticket/gallery software in the members area (or on any other server) with a known exploit. Maybe this exploit allows a hacker to upload code to your server; that code could allow a hacker to read every file on your system (along with anything else they might want to do), thus allowing them to find your DB settings. With those he can write his own script to read your entire database and print it out, email it, or otherwise return it to him. Said hacker then uses said database info to make money spamming your members.

So next time you think it's NOT a hack job you might want to think again. Until you understand how hackers work and how they get in, move around, get what they want and get out, you can't rule them out. Doing so is just frankly silly. Don't be so secure in your superiority.