Pligg Send Announcement Module v0.2 Security Exploit Discovered

Posted by Lincoln in Pligg on Tuesday, July 8th 2008   

Digg it

Bookmark it

Stumble it

Mixx It

In the past we have reported on pligg spam problems including pycurl, registration spam, India, and a previous spam attack over at designfloat, it now seems Andrew of DesignFloat has discovered a new type of spam vulnerability within pligg’s Send Announcement Module v0.2.

Below is what Andrew had to say about the attack at the designfloat blog.

I would like to express a huge apologie for the SPAM email that was sent out. An admin module that sends announcements to all the members was hacked and used to solicit the email. I have since disabled and removed the module and will be working to resolve the hole that allowed someone to exploit the module.

If your a pligg webmaster and are using or have enabled the Send Announcement Module v0.2 it may be an idea to disable this module, at least until some more details or a solution to the exploit is discovered.

Popularity: 10% [?]



If you enjoyed this post, make sure you subscribe to our RSS feed!

 

This post was written by:

Lincoln - who has written 169 posts on Social CMS Buzz.

Owner of Social CMS Buzz and a fan of all things social and design related.

Contact the author

Web: http://socialcmsbuzz.com

Related Content

Subscribe to the post comments feeds or Leave a trackback


Tags: , , , , , ,

4 Comments Already

commenter
David Mackey Said,
July 17th, 2008 @1:31 am  

Good to know. Looking forward to some more details on how the exploit occurred.

commenter
Geoserv Said,
July 22nd, 2008 @12:33 am  

Thanks fr the heads up Lincoln.

Pingback & Trackback
mygif
Pingback from Vote for this article at blogengage.com
July 8th, 2008 @10:51 pm  

Related Post

Please Leave Your Comments Below

Please Note: All comments will be moderated

« Social CMS Buzz New Look And Logo
EIOBA: Social Article Submissions Built Using Prado PHP Framework »