Pligg Send Announcement Module v0.2 Security Exploit Discovered

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

In the past we have reported on pligg spam problems including pycurl, registration spam, India, and a previous spam attack over at designfloat, it now seems Andrew of DesignFloat has discovered a new type of spam vulnerability within pligg’s Send Announcement Module v0.2.

Below is what Andrew had to say about the attack at the designfloat blog.

I would like to express a huge apologie for the SPAM email that was sent out. An admin module that sends announcements to all the members was hacked and used to solicit the email. I have since disabled and removed the module and will be working to resolve the hole that allowed someone to exploit the module.

If your a pligg webmaster and are using or have enabled the Send Announcement Module v0.2 it may be an idea to disable this module, at least until some more details or a solution to the exploit is discovered.

BlinklistBloglinesBlogmarksDiggdel.icio.usFacebookFurlRedditStumbleUponTechnorati

If you enjoyed this post, make sure you subscribe to our RSS feed!

Article Details

Author: Lincoln on July 8th, 2008

Category: Pligg

Tags: exploit, module, Pligg, pligg exploit, pligg module, security, Send Announcement

3 Comments
2 Trackbacks

David Mackey says:
July 17, 2008 at 1:31 am
Good to know. Looking forward to some more details on how the exploit occurred.
Geoserv says:
July 22, 2008 at 12:33 am
Thanks fr the heads up Lincoln.
bbrian017 says:
January 28, 2010 at 7:09 pm
It’s sad to say but this just happened to me! Amazing to say it was another pligg site that hacked me and sent e-mails to join their pligg site.
very embarrassing.