In this video I discuss how 4chan.org was hacked by using old insecure php code in the backend of the sites software (yotsuba) which lead to the administrators being doxxed and having to take the s...
The source code leaked is all custom code that hasn’t been updated since 2015 and uses functions that have been removed from PHP for being insecure since 2019. The hack supposedly took advantage of PDF uploads not being scanned for embeded code. 4chan uses a program called ghostscript to create thumbnails of uploaded PDFs but the version they use is from 2012 and the hackers likely used a known exploit to get it to run embeded PDF code.
So unless the other websites are also running software from a decade ago, they’re probably good.
I wonder - does this put the other chans and kuns at the same risk of hacking or do they use different code?
The source code leaked is all custom code that hasn’t been updated since 2015 and uses functions that have been removed from PHP for being insecure since 2019. The hack supposedly took advantage of PDF uploads not being scanned for embeded code. 4chan uses a program called ghostscript to create thumbnails of uploaded PDFs but the version they use is from 2012 and the hackers likely used a known exploit to get it to run embeded PDF code.
So unless the other websites are also running software from a decade ago, they’re probably good.
Ah interesting. Yeah I wasn’t sure since they all sorta look the same and wondered if they were forks of each other or something.