
Mirai Botnet attacks vulnerable OFBiz Servers with Directory Traversal vulnerability





Summary of Mirai Botnet Targeting OFBiz Servers

TLDR:

  • ERPs like OFBiz are vulnerable to critical security flaws, putting business data at risk.
  • A directory traversal vulnerability in OFBiz allowed for remote code execution.

Enterprise Resource Planning (ERP) software like OFBiz is crucial for many businesses, which also makes it a target for cyber attacks. The open-source ERP framework OFBiz was recently targeted by the Mirai botnet through a directory traversal vulnerability that allowed remote command execution. A critical security update was released to patch this vulnerability, but older versions of OFBiz remained exploitable. The exploit was triggered by inserting a semicolon in the URL, allowing unauthorized access to sensitive areas like “ProgramExport.” The exploit attempts were detected by the SANS Internet Storm Center, indicating a rise in attacks targeting this vulnerability. The attackers used two different methods to execute commands through the vulnerability, and the exploit may be added to Mirai botnet variants. The IP addresses involved in these exploit attempts were also linked to attacks on IoT devices, showing that the same sources are engaged in a broader range of malicious activity. Overall, the discovery of this vulnerability highlights the ongoing challenge of securing complex ERP systems and the importance of prompt patching to prevent data breaches.
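For defenders reviewing web server logs, the semicolon pattern described above can be hunted for directly. The following is an added example, not code from the article or from the OFBiz project: it assumes Combined Log Format access logs, and the `/erp/` paths, IP addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Endpoint named in the article; extend with other admin-only pages as needed.
SENSITIVE = {"programexport"}

# Combined Log Format: client IP, method, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical /erp/ paths).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2024:10:00:00 +0000] "GET /erp/main HTTP/1.1" 200 512
198.51.100.7 - - [01/Aug/2024:10:00:05 +0000] "POST /erp/login;/ProgramExport HTTP/1.1" 200 1024
198.51.100.7 - - [01/Aug/2024:10:00:06 +0000] "POST /erp/login%3B/programexport HTTP/1.1" 200 1024
192.0.2.10 - - [01/Aug/2024:10:01:00 +0000] "GET /erp/main;jsessionid=ABC HTTP/1.1" 200 512
192.0.2.20 - - [01/Aug/2024:10:02:00 +0000] "GET /erp/ProgramExport HTTP/1.1" 401 0
""".splitlines()

def classify(target):
    """Return 'semicolon-bypass', 'direct-access' or None for a request target."""
    path = urlsplit(target).path
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    segments = [s for s in path.split("/") if s]
    # Text after ';' in a segment is a path parameter, which servlet
    # containers commonly strip before routing; compare on the bare name.
    names = {s.split(";", 1)[0].lower() for s in segments}
    if not names & SENSITIVE:
        return None  # ';' alone is not suspicious (e.g. ;jsessionid=...)
    return "semicolon-bypass" if ";" in path else "direct-access"

def scan(lines):
    """Return (ip, status, verdict, target) for every flagged log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        verdict = classify(target)
        if verdict:
            findings.append((ip, status, verdict, target))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A `semicolon-bypass` hit answered with a 2xx status deserves the most urgent follow-up, since it suggests the request reached the sensitive page.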

