This project is read-only.
1
Vote

Security Issue .. potentially related to Effority or .NET vulnerability

description

There appears to be a security vulnerability in Effority Workflow with Workflow 00.05.01 version. Don't know if it is the module itself that is vulnerable or the vulnerability is strickly leveraging just this Effority module but the core Text/HTML module that ships with DNN appears to be unaffected. Right now the attack appears to be inserting links to illegal movie sites embedded within Effority Text/HTML instances on a DNN site (not just mine). These links display outside of the normal viewable area (-600 left, etc). The links are to sites like globalmovies.net, alfamovie.com, ftmovie.com, 100kmovie.com, etc. It looks like someone has hacked DNN and specifically this module (content is specifically in data table related to Effority Text/HTML with Workflow module) and placed them on legit sites (ones that Google views as legit) for a cross reference boost to their search results within Google. Google may be aware of the issue from a post to their user forums. This hack would effectively raise these illegal movie sites higher in the search results returned to a typical Google user looking for movies. These do appear to be scam movie sites offering illegal copies of Hollywood films or just stealing card accounts from users unaware of the site intent. Anyone aware of this vulnerability and if it is related to a DNN ASP.NET issue or the Effority module where the content seems to be exclusively placed?

comments