Quote:
Originally Posted by Why
NATS uses Smarty and there are known exploits to Smarty.
Does your members area use any open source software? Or do any of your servers whose IP is allowed into the NATS database have any?
Here is a scenario.... Open source forum/ticket/gallery software in the members area (or on any other server) with a known exploit. Maybe this exploit allows a hacker to upload code to your server; that code could allow a hacker to read every file on your system (along with anything else they might want to do), thus allowing them to find your DB settings. With those he can write his own script to read your entire database and print it out, email it, or otherwise return it to him. Said hacker then uses said database info to make money spamming your members.
So next time you think it's NOT a hack job you might want to think again. Until you understand how hackers work and how they get in, move around, get what they want and get out, you can't rule them out. Doing so is just frankly silly. Don't be so secure in your superiority.
|
How would someone go about finding where there was an exploit and getting rid of it?