| >> | Anonymous 15apr2025(tu)20:12 No.103599 OP P1| /f/ is down Will it come back, or did Hiroshimoot fuck up things for good this time?
In case you didn't already hear it all over the web, the 4chons server has been hacked because the software was literally years old. |
|
| >> | Anonymous 15apr2025(tu)21:29 No.103600 A P2R1| I hope it comes back tbqh I have more flash to post. |
|
| >> | Anonymous 16apr2025(we)00:19 No.103601 B P3R2| More importantly, were will you been in the mean time? In addition to actually playing videogames now I am trying out ourchan. It is slow right now, but such is life. |
|
| >> | Anonymous 16apr2025(we)01:28 No.103603 C P4R3| 4chan was hacked https://tech.slashdot.org/story/25/04/16/0012230/ 4chan-has-been-down-since-monday-night-after-prett y-comprehensive-own Someone in the comments describes the method as such:
>4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/)
>They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded.
>Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
>The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit.
>From there, we exploit a mistaken suid binary to elevate to the global user.
I don't know whether this is true or not. |
|
| >> | Anonymous 16apr2025(we)01:34 No.103604 C P5A lot more comments here: https://news.ycombinator.com/item?id=43691334
>Apparently some boards allowed uploading PDF files, but the site never checked if the PDF file was an actual PDF file. Once a PDF file was uploaded it was passed to a version of Ghostscript from 2012 which would generate a thumbnail. So the attacker found an exploit where uploading a PDF with the right PostScript commands could give the attacker shell access. |
|
| >> | Anonymous 16apr2025(we)05:09 No.103605 D P6R4 |
