In https://twitter.com/nnwakelam/status/1363761612423786496, it's tweeted:

fucking yikes.. ran every bitcoin exchange for a really common shell and found....

Uname: Linux cloudimage 4.4.0-166-generic #195-Ubuntu SMP Tue Oct 1 09:36:25 UTC 2019 i686
User: 33 [ www-data ] Group: 33 [ www.data ]
7.0.33-0ubuntu0.16.04.16 Safe Mode: OFF

Some of that might be anonymized...?

What is the vulnerability here? What "really common shell" might he/she be talking about?

1 Answer

They're claiming that they found a webshell installed on a bitcoin exchange site. So the vulnerability is that someone has already compromised the exchange's server and left the webshell sitting ready to take commands from anybody... and that as a "really common shell", lots of people would know how to find it and use it.

Not enough information to tell which common shell it is, however.

gowenfawr
  • What's an example common shell they could be talking about? How would you "scan" for this? – hedgedandlevered Feb 23 '21 at 01:17
  • There's a collection of webshells at [github](https://github.com/tennc/webshell), and I would assume the poster scanned by testing commonly used URL paths to see if anything showed up. – gowenfawr Feb 23 '21 at 01:50
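
Seen from the server owner's side, the path testing mentioned in the last comment shows up in the access log as one client requesting many distinct script paths that mostly return 404. The following is an added example, not part of the original thread: it flags such clients and lists any probed path that answered 200, which is the file to inspect on disk first. The log lines, paths, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Common/combined log format: client, [timestamp], "METHOD target ...", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample: documentation IP ranges and placeholder paths only.
SAMPLE_LOG = """\
203.0.113.20 - - [22/Feb/2021:09:59:50 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [22/Feb/2021:10:00:01 +0000] "GET /probe-a.php HTTP/1.1" 404 196
198.51.100.7 - - [22/Feb/2021:10:00:01 +0000] "GET /probe-b.php HTTP/1.1" 404 196
198.51.100.7 - - [22/Feb/2021:10:00:02 +0000] "GET /tmp/probe-c.php HTTP/1.1" 404 196
198.51.100.7 - - [22/Feb/2021:10:00:02 +0000] "GET /uploads/img_cache.php HTTP/1.1" 200 843
198.51.100.7 - - [22/Feb/2021:10:00:03 +0000] "GET /images/probe-d.php HTTP/1.1" 404 196
198.51.100.7 - - [22/Feb/2021:10:00:03 +0000] "GET /probe-e.php?v=1 HTTP/1.1" 404 196
203.0.113.20 - - [22/Feb/2021:10:00:04 +0000] "POST /login.php HTTP/1.1" 200 731
this line is truncated and should be skipped
"""


def find_probers(lines, min_paths=5, min_miss_ratio=0.7):
    """Flag clients that request many distinct .php paths, most of them missing.

    Returns {client: sorted list of probed paths that answered 200}.
    The thresholds are assumptions to tune against normal traffic.
    """
    seen = defaultdict(dict)              # client -> {path: last status seen}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # ignore malformed or truncated lines
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]    # compare paths without query strings
        if path.lower().endswith(".php"):
            seen[client][path] = int(status)
    flagged = {}
    for client, paths in seen.items():
        misses = sum(1 for s in paths.values() if s == 404)
        if len(paths) >= min_paths and misses / len(paths) >= min_miss_ratio:
            flagged[client] = sorted(p for p, s in paths.items() if s == 200)
    return flagged


if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG.splitlines()))
```

A flagged client with an empty list probed without a hit; a non-empty list names a script that exists at a guessed path and should be compared against the deployed code.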