lmenezes / cerebro

MIT License

SSRF security vulnerability #431

Open murangoo opened 4 years ago

charles2j commented 4 years ago

I said the bug, SSRF security vulnerability

charles2j commented 4 years ago

v0.9.0 still has the SSRF; need to consider all APIs

Reiner030 commented 4 years ago

This could be causing this injection?

# chkrootkit
...
Searching for Linux.Xor.DDoS ...                            INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/sqlite-3.23.1-6226c38c-5d11-45d7-a193-627d77bc0ba2-libsqlitejdbc.so
...

# lsof /tmp/sqlite-3.23.1-6226c38c-5d11-45d7-a193-627d77bc0ba2-libsqlitejdbc.so
COMMAND PID    USER  FD   TYPE DEVICE SIZE/OFF NODE NAME
java    800 cerebro mem    REG    8,1   968800 2140 /tmp/sqlite-3.23.1-6226c38c-5d11-45d7-a193-627d77bc0ba2-libsqlitejdbc.so

In my case there were added a bitcoin miner, kinsing, and some other stuff, kdevtmpfsi... luckily only on a testing instance, which can be dropped if not repairable...