John W. Long wrote:
> This is just an FYI, but in the interests of full disclosure you should
> be aware that the main Radiant site (http://radiantcms.org) was
> exploited on May 15th this year. The attacker added an invisible link on
> the homepage to another Web site. At the moment we don't know if this
> was the result of an exploit on the Radiant CMS software itself, or if
> the attacker used some other means. In either case the attacker managed
> to create an admin user for himself and add his link to the homepage
> layout. I was only made aware of the problem late last night and we are
> still looking into it.
>
> Has anyone else been the victim of an attack on a Radiant Web site? Can
> anyone shed light on how the attacker would be able to do this?
>
> --
> John Long
> http://wiseheartdesign.com

Hi John,

Contact me at my email address cptflam [at] gmail.com - I found the
security hole.

Sylvain

--
Posted via http://www.ruby-forum.com/.
