Rushi MK-II

My Tumblelog - when I feel there isn't enough to blog about.

Posted 2 years ago

apache.org incident report for 04/09/2010 : Apache Infrastructure Team

https://blogs.apache.org/infra/entry/apache_org_04_09_2010

Apache.org and several of its JIRA, BugZilla installations were compromised due a XSS bug in Atlassian JIRA.

Its very interesting to see how the hacker(s) progressed from a simple XSS vulnerability to gaining full root access on the Apache servers