A hacking tool getting hacked
I have seen some discussions on Ao regarding google hacking(so called) but how about this news I know i am late as it was released on 6th of Dec but can't stop myself from posting this one here:
Quote:
A web site (picasa.google.com) belonging to Google has been defaced on saturday by the Brazilian defacer Xfaulz.
Picasa is a software package for managing photos, the company has been acquired by Google earlier this year. The server hosting the Picasa web site isn't part of the Google network, Xfaulz compromised it by exploiting the highlight parameter processing vulnerability in phpbb2 (some exploits allowing remote command execution are publicly available), the forums of Picasa are available at
http://forums.picasa.com . According to our database, this defacement remains the only digital attack against Google Inc.
The screenshot of the defacement is available here:
http://www.zone-h.org/en/defacements/mirror/id=1775926/
I was just wondering how defacer defaced that?
here is my guess
1) he went to google
2)searched for inurl:viewtopic.php
3)saw a google site there and ding dong.....LOL
how is that?
anyways here is a description of vulnerability if anyone interested http://seclists.org/lists/bugtraq/2004/Nov/0185.html
now is google compromising its own security?