Yesterday, I noticed something in the Radiant code. You are using a class variable in an observer to store the current_user. Using class variables in Rails is always bad, because a class is used by more than one user once loaded in production mode. I experienced a lot of problems with this in the past.
I can't say if this might cause the exploit, but the code could cause race conditions which might give users access to the wrong information.

Edwin Vlieg

On 23 Jul 2007, at 2:02, John W. Long wrote:

> This is just an FYI, but in the interests of full disclosure you should
> be aware that the main Radiant site (http://radiantcms.org) was
> exploited on May 15th this year. The attacker added an invisible link on
> the homepage to another Web site. At the moment we don't know if this
> was the result of an exploit on the Radiant CMS software itself, or if
> the attacker used some other means. In either case the attacker managed
> to create an admin user for himself and add his link to the homepage
> layout. I was only made aware of the problem late last night and we are
> still looking into it.
>
> Has anyone else been the victim of an attack on a Radiant Web site? Can
> anyone shed light on how the attacker would be able to do this?
>
> --
> John Long
> http://wiseheartdesign.com
> _______________________________________________
> Radiant mailing list
> Post: [email protected]
> Search: http://radiantcms.org/mailing-list/search/
> Site: http://lists.radiantcms.org/mailman/listinfo/radiant
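The concern raised in the reply above, shown as an added example that is not part of the thread and is not Radiant's code: a class variable holding the current user is a single per-process slot, while a per-thread slot keeps requests apart. The class names, helper methods and user names are hypothetical, and threads stand in for concurrent requests.

```ruby
# Added illustration; SharedObserver, PerThreadObserver and the user
# names are hypothetical and constructed for this example.
class SharedObserver
  @@current_user = nil # one slot per process, visible to every request

  def self.current_user=(user)
    @@current_user = user
  end

  def self.current_user
    @@current_user
  end
end

class PerThreadObserver
  # Thread.current[] is per-thread (fiber-local) storage.
  def self.current_user=(user)
    Thread.current[:current_user] = user
  end

  def self.current_user
    Thread.current[:current_user]
  end
end

# Two overlapping requests: A sets its user, B sets its user, then A
# reads back who it is acting as. Queues force this interleaving.
def overlapping_requests(observer)
  a_set = Queue.new
  b_set = Queue.new
  a = Thread.new do
    observer.current_user = "alice"
    a_set << true
    b_set.pop # wait until B has written its user
    observer.current_user
  end
  b = Thread.new do
    a_set.pop
    observer.current_user = "bob"
    seen = observer.current_user
    b_set << true
    seen
  end
  { a: a.value, b: b.value }
end

# A later request on the same process that never sets a user.
def stale_after_request(observer)
  Thread.new { observer.current_user = "admin" }.join
  Thread.new { observer.current_user }.value
end
```

When a server reuses threads across requests, a per-thread slot also has to be cleared at the end of each request, or the stale-value case returns.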
