Pligg Send Announcement Module v0.2 Security Exploit Discovered

In the past we have reported on pligg spam problems including pycurl, registration spam, India, and a previous spam attack over at designfloat, it now seems Andrew of DesignFloat has discovered a new type of spam vulnerability within pligg’s Send Announcement Module v0.2.

Below is what Andrew had to say about the attack at the designfloat blog.

I would like to express a huge apologie for the SPAM email that was sent out. An admin module that sends announcements to all the members was hacked and used to solicit the email. I have since disabled and removed the module and will be working to resolve the hole that allowed someone to exploit the module.

If your a pligg webmaster and are using or have enabled the Send Announcement Module v0.2 it may be an idea to disable this module, at least until some more details or a solution to the exploit is discovered.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Article Details

#

Author: on July 8th, 2008

Category: Pligg

Tags: , , , , , ,

  1. David Mackey says:

    Good to know. Looking forward to some more details on how the exploit occurred.

  2. Geoserv says:

    Thanks fr the heads up Lincoln.

  3. bbrian017 says:

    It’s sad to say but this just happened to me! Amazing to say it was another pligg site that hacked me and sent e-mails to join their pligg site.

    very embarrassing.

  1. Vote for this article at blogengage.com
  2. WARNING - Security hole found in Pligg Send Announcement v0.2 | Pliggs