greg.grimes at msstate.edu
Thu Jun 26 07:13:52 CDT 2008
Well, that's the 50 million dollar question now isn't it? If I was an attacker,
I would send a malicious link to people who regularly visit a website that uses
Thumblist2. Just do a google search for inurl:Thumblist2 and you have at least
one that comes up. But this isn't really about your site, this about any site
that uses PmWiki. For example, I work for a university. If someone wanted
they could make a very legitimate looking link that points to our wiki page.
Because the URL would have msstate.edu in it, a lot of people would feel that
there isn't anything wrong with the link and click it. If only a handful fall
for it, well...that's a handful of bot computers they just got. Not everyone
uses Firefox or Opera.
As for not following the proper notification path for this, I am sorry. I am
new to the PmWiki development world. I did e-mail Patrick about the issue
after Hans told me I should. Patrick responded and said it would be fixed a
new release sometime today, 26 Jun 2008.
Quoting Petko Yotov <5ko at 5ko.fr>:
> which keeps me wondering why would an attacker use my site and what exactly
> can he get from this.
More information about the pmwiki-devel