Subject : Re: Is Rocksolid Light really compromised and insecure?
From : rayban (at) *nospam* raybanana.net (Ray Banana)
Newsgroups : news.admin.peering
Date : 12. Jul 2025, 20:41:55
Organisation : A noiseless patient Spider
Message-ID : <slrn1075ek3.2ag38.rayban@raybanana.net>
References : 1 2
User-Agent : slrn/pre1.0.4-9 (Linux)

* Marco Moock wrote:
> On 12.07.2025 10:21 Uhr Anonymous wrote:
>
>> Some have claimed that Rocksolid Light is insecure. They have claimed
>> that there are many vulnerabilities in the codebase. They have
>> claimed that Rocksolid Light should not be used or peered.
>> Yet I have not seen a single supposed vulnerability demonstrated.
>> I have not seen any CVE filings.
>> Can anyone demonstrate and prove any of the claimed exploits?
>
> At least older versions were vulnerable to SQL injections that made
> creating files in the spool directory possible. The files.php file also
> seems vulnerable to such attacks.

That would explain how the "haxxor" was able to grab account data for
a technical account for i2pn2.org (presumably the account used for the
communication between the rslight frontend and the i2pn2 backend server).
To make things even worse, there is nobody who is able to revoke
the compromised account or change its password.

--
Пу́тін — хуйло́
https://www.eternal-september.org