
Findings of a Security Researcher on Discord
Closed, Resolved, Public

Description

A security researcher found us on Discord but he said:

type this in terminal `sqlmap -u https://miraheze.org/ --dbs --risk=3 --level=5`

To find an SQL injection attack

And that we are vulnerable to a "syn tcp DOS"

Event Timeline

He said we have these ports open:
22/tcp open ssh syn-ack ttl 48
80/tcp open http syn-ack ttl 251
113/tcp closed ident reset ttl 59
443/tcp open https syn-ack ttl 251
2000/tcp open cisco-sccp syn-ack ttl 59
5060/tcp open sip syn-ack ttl 59
22/tcp open ssh syn-ack ttl 48
80/tcp open http syn-ack ttl 251
443/tcp open https syn-ack ttl 251
2000/tcp open cisco-sccp syn-ack ttl 59
5060/tcp open sip syn-ack ttl 59

We should check if they should be
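
A triage sketch for the check suggested above, added here as an example and not part of the task thread or Miraheze's tooling: it parses the scan lines quoted in the comment, flags open ports outside an allowlist, and groups replies by TTL. The allowlist (22, 80, 443) and the function names are assumptions.

```python
import re
from collections import defaultdict

# Scan lines as quoted in the task (deduplicated); embedded as sample input.
SCAN = """\
22/tcp open ssh syn-ack ttl 48
80/tcp open http syn-ack ttl 251
113/tcp closed ident reset ttl 59
443/tcp open https syn-ack ttl 251
2000/tcp open cisco-sccp syn-ack ttl 59
5060/tcp open sip syn-ack ttl 59
"""

# Assumption: the ports this host is meant to expose. Not stated in the task.
EXPECTED_OPEN = {22, 80, 443}

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+ttl\s+(\d+)$")

def parse(text):
    """Return one dict per well-formed scan line; skip anything else."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            port, proto, state, service, reason, ttl = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "reason": reason, "ttl": int(ttl)})
    return rows

def triage(rows, expected=EXPECTED_OPEN):
    """Split open ports into expected/unexpected and group every reply by TTL."""
    open_ports = {r["port"] for r in rows if r["state"] == "open"}
    by_ttl = defaultdict(set)
    for r in rows:
        by_ttl[r["ttl"]].add(r["port"])
    return {
        "unexpected_open": sorted(open_ports - expected),
        "expected_missing": sorted(expected - open_ports),
        "by_ttl": {ttl: sorted(p) for ttl, p in sorted(by_ttl.items())},
    }

if __name__ == "__main__":
    report = triage(parse(SCAN))
    print("open but not expected:", report["unexpected_open"])
    print("expected but not open:", report["expected_missing"])
    for ttl, ports in report["by_ttl"].items():
        # Differing TTLs: replies may not all come from the same device.
        print(f"ttl {ttl}: ports {ports}")
```

Ports that group under a different TTL from the known services are worth confirming on the host itself (listening sockets, firewall rules) before treating them as exposed services.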

He also is claiming to be able to take https://51.89.160.142/ down

DM Liпцх.јѕ#4488 on Discord and he will go through it

RhinosF1 raised the priority of this task from High to Unbreak Now!. (Jun 9 2020, 07:53)

If he can bring us offline, that's important

I've said what they answered in -staff. Not sure what else there is to say.

John claimed this task.
John added a subscriber: John.

Nothing of relevance then. Points brought up are invalid or common knowledge.

John removed John as the assignee of this task. (Jun 12 2020, 11:23)
John changed the visibility from "Custom Policy" to "Public (No Login Required)".
John changed the edit policy from "Custom Policy" to "All Users".