Update: Tumblr security flaw, clarification by Tumblr official staff! : The Hacker News https://infohacknews.blogspot.com//search?q=tumblr-security-flaw-clarification-by
There is a possible security issue with Tumblr. Basically a lot of confidential information, including server IPs, API keys, passwords, etc. were leaked. These are some of the materials that got disclosed:
Database::set_defaults(array( 'user' => 'tumblr3', 'password' => 'm3MpH1C0Koh39….55Z8YWStbgTmcgQWJvFt4', ..
define('MEMCACHE_HOST', '10.252.0.68');
define('MEMCACHE_VERSION_HOST', '10.252.0.67');
Database::add('primary', array('host' => '192.168.200.142')); ..
We redacted a bit to protect the innocent, but anyone can find it on Google.
So what is going on? Did they get hacked somehow? We don't think so… By looking at the disclosed information dump, it looks like one of their developers made a little mistake:
i?php require_once('chorus/Utils.php');
Can you see it above? Instead of starting the PHP file with a "<?php", he started with "i?php" and somehow it went to production…. Guess what happened? Instead of executing the PHP code, the web server would display the source code for everyone to see… Including passwords, API keys, server names and anything that was specified in there.
What can we learn from this? One, is that the developer uses VI/VIM. Two, test your code before going to production. Three, never rely on obscurity alone for your security.
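One way to turn "test your code before going to production" into an automated pre-deploy check, shown as an added example that is not part of the original article or of Tumblr's code: it splits each PHP file into the spans the interpreter would emit verbatim and flags any that look like source code. The function names, the heuristic pattern list and the sample inputs are assumptions made for this example.

```python
import pathlib
import re
import sys

# Tags that switch PHP into code mode: "<?php" plus whitespace, or "<?=".
OPEN_TAG = re.compile(rb"<\?(?:php(?=\s|$)|=)", re.IGNORECASE)
# Heuristic signs of PHP source (a list chosen for this example, not exhaustive).
CODE_HINT = re.compile(
    rb"\b(?:require|include)(?:_once)?\s*\(|\bdefine\s*\(|\$\w+\s*=|\w+::\w+\s*\("
)

def literal_regions(source: bytes):
    """Yield (offset, chunk) for each span PHP would send to the client as-is."""
    pos = 0
    while pos < len(source):
        tag = OPEN_TAG.search(source, pos)
        end = tag.start() if tag else len(source)
        if end > pos:
            yield pos, source[pos:end]
        if tag is None:
            return
        # Approximation: the first "?>" ends code mode (ignores "?>" inside strings).
        close = source.find(b"?>", tag.end())
        if close == -1:  # no closing tag, so the rest of the file is code
            return
        pos = close + 2

def leaked_lines(source: bytes):
    """Return [(line_number, text)] for literal-output lines that look like code."""
    hits = []
    for offset, chunk in literal_regions(source):
        first = source.count(b"\n", 0, offset) + 1
        for i, line in enumerate(chunk.split(b"\n")):
            if CODE_HINT.search(line):
                hits.append((first + i, line.strip().decode("utf-8", "replace")))
    return hits

# Constructed samples: the typo from the article, and the same file with a valid tag.
BROKEN = b"i?php require_once('chorus/Utils.php');\ndefine('MEMCACHE_HOST', 'cache.example');\n"
FIXED = b"<?php require_once('chorus/Utils.php');\ndefine('MEMCACHE_HOST', 'cache.example');\n"

if __name__ == "__main__":
    # Usage: python check_php_tags.py <source-root>; exits 1 if anything would leak.
    failed = False
    for path in pathlib.Path(sys.argv[1]).rglob("*.php"):
        for lineno, text in leaked_lines(path.read_bytes()):
            failed = True
            print(f"{path}:{lineno}: served as plain text: {text}")
    sys.exit(1 if failed else 0)
```

A syntax lint alone does not catch this case, because text outside the tags is valid literal output as far as PHP is concerned.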