Pligg Send Announcement Module v0.2 Security Exploit Discovered
In the past we have reported on Pligg spam problems including pycurl, registration spam, India, and a previous spam attack over at DesignFloat. It now seems Andrew of DesignFloat has discovered a new type of spam vulnerability within Pligg's Send Announcement Module v0.2.
Below is what Andrew had to say about the attack on the DesignFloat blog.
I would like to express a huge apology for the SPAM email that was sent out. An admin module that sends announcements to all the members was hacked and used to solicit the email. I have since disabled and removed the module and will be working to resolve the hole that allowed someone to exploit the module.
If you're a Pligg webmaster and are using or have enabled the Send Announcement Module v0.2, it may be a good idea to disable the module, at least until more details emerge or a solution to the exploit is found.



Good to know. Looking forward to some more details on how the exploit occurred.