chelahmy Posted September 9, 2017 Report Share Posted September 9, 2017 http://yiimp.eu/Â was hacked! DNR stealer wallet: D9YR4pxP4KDfcgVPW3Vd1R9Sn6Tf1d3z32 (-40000) Â 1 Quote Link to comment Share on other sites More sharing options...
ferahan Posted September 9, 2017 Report Share Posted September 9, 2017 http://hashbag.cc/ and other YiiMP pools were hacked too 1 Quote Link to comment Share on other sites More sharing options...
Jerppu Posted September 9, 2017 Report Share Posted September 9, 2017 (edited) I was checking the YiiMP github (https://github.com/tpruvot/yiimp) and saw this Quote There a lot of unused code in the php branch. Lot come from other projects I worked on and I've been lazy to clean it up before to integrate it to yaamp. It's mostly based on the Yii framework which implements a lightweight MVC. Now, as there's a lot of unused code based on Yii framework, I was thinking this might be it. I searched Yii framework vulnerabilities, and there are some. Haven't check them deeply if they could allow fileupload or similar, but it's quite scary to find these... https://www.cvedetails.com/vulnerability-list/vendor_id-13516/Yiiframework.html  Well if there's a code from 1.1.14 version, then you can execute arbitrary PHP scripts on the serverhttp://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/  Edited September 9, 2017 by Jerppu 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.