Another .mu website hacked

Yet another .mu website hacked. A while ago I came across a domain qualitevolaille.mu which displays a Hacked By Probiltar page.

qualitevolaile-mu

qualitevolaile-mu-hacked

The message is signed by "Khalifa Team Hacker"

qualitevolaile-mu-hacked-translated

I used Google Translate to read the message

The domain was registered in 2014 and there is no detail about the registrant.

Domain Name: qualitevolaille.mu Domain ID: 940017-IDL WHOIS Server: Referral URL: Updated Date: 2014-06-02T04:43:00.342Z Creation Date: 2014-05-12T11:54:59.962Z Registry Expiry Date: 2015-05-12T11:55:00.189Z Sponsoring Registrar: Register.mu Sponsoring Registrar IANA ID: Domain Status: ok

Following the question put by Avinash, the website of qualitevolaille.mu was compromised due to an un-patched CMS (Drupal). A vulnerability, among other flaws on the webserver could have allowed the attacker to upload a "webshell".

qualitevolaille-mu-shell

Google cached page showing a "webshell" on qualitevolaille.mu

A "webshell" is a web-based tool that allows an attacker to launch commands server-side, run scripts, modify/create/delete files etc.


Share this post