* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Friday, October 3, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    The Police Made Chart History With This 1979 Hit Nearly 50 Years Ago – Yahoo

    How The Police Changed Music Forever with Their Iconic 1979 Hit Nearly 50 Years Ago

    Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

    Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Technology Is Becoming More Important Than Humans In CX – No Jitter

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Steampunk Metal Oval Technology Sense Sunglasses Personality Handmade Chain Multicolor Sunglasses UV400 – The San Joaquin Valley Sun

    Steampunk Metal Oval Sunglasses with Handmade Multicolor Chain – Bold UV400 Protection and Unique Style

    STELLA Automotive AI Appoints Fred Seidelman as Chief Technology Officer – Yahoo Finance

    STELLA Automotive AI Appoints Fred Seidelman as New Chief Technology Officer

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Four Strategic Signals Technology Leaders Are Tuning In To – SPONSOR CONTENT FROM ARM – Harvard Business Review

    Four Essential Strategic Signals Every Technology Leader Should Watch

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    The Police Made Chart History With This 1979 Hit Nearly 50 Years Ago – Yahoo

    How The Police Changed Music Forever with Their Iconic 1979 Hit Nearly 50 Years Ago

    Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

    Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Technology Is Becoming More Important Than Humans In CX – No Jitter

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Steampunk Metal Oval Technology Sense Sunglasses Personality Handmade Chain Multicolor Sunglasses UV400 – The San Joaquin Valley Sun

    Steampunk Metal Oval Sunglasses with Handmade Multicolor Chain – Bold UV400 Protection and Unique Style

    STELLA Automotive AI Appoints Fred Seidelman as Chief Technology Officer – Yahoo Finance

    STELLA Automotive AI Appoints Fred Seidelman as New Chief Technology Officer

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Four Strategic Signals Technology Leaders Are Tuning In To – SPONSOR CONTENT FROM ARM – Harvard Business Review

    Four Essential Strategic Signals Every Technology Leader Should Watch

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells

June 7, 2024
in Technology
Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
Share on FacebookShare on Twitter

HackerImage: Midjourney

Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama.

The web shell enables further exploitation of the breached endpoints, such as enlisting them as part of the attackers’ infrastructure to evade detection in subsequent operations.

The first signs of this activity date back to October 2023, but according to Akamai analysts monitoring it, the malicious activity has recently expanded and intensified.

Targeting old vulnerabilities

ThinkPHP is an open-source web application development framework that is particularly popular in China.

CVE-2018-20062, fixed in December 2018, is an issue discovered in NoneCMS 1.3, allowing remote attackers to execute arbitrary PHP code via crafted use of the filter parameter.

CVE-2019-9082 impacts ThinkPHP 3.2.4 and older, used in Open Source BMS 1.1.1., is a remote command execution problem addressed in February 2019.

The two flaws are leveraged in this campaign to enable the attackers to perform remote code execution, impacting the underlying content management systems (CMS) on the target endpoints.

Specifically, the attackers exploit the bugs to download a text file named “public.txt,” which, in reality, is the obfuscated Dama web shell saved as “roeter.php.”

The payload is downloaded from compromised servers located in Hong Kong and provides the attackers with remote server control following a simple authentication step using the password “admin.”

Akamai says the servers delivering the payloads are infected themselves with the same web shell, so it appears that compromised systems are turned into nodes in the attacker’s infrastructure.

The Dama web shell

Dama has advanced capabilities enabling the threat actors to navigate the file system on the compromised server, upload files, and gather system data, essentially aiding in privilege escalation.

It can also perform network port scanning, access databases, and bypass disabled PHP functions for shell command execution.

The Dama interfaceThe Dama interface
​​​​​​​Source: Akamai

A notable omission from Dama’s capabilities is the lack of a command-line interface, which would allow threat actors a more hands-on approach to executing commands.

Akamai notes that this missing functionality is notable given Dama’s otherwise extensive functionality.

Mitigation

Exploiting 6-year-old flaws serves as another reminder of the persistent problem of poor vulnerability management, as attackers, in this case, leverage security vulnerabilities patched a long time ago.

The recommended action for potentially impacted organizations is to move to the most recent ThinkPHP, version 8.0, which is safe against known remote code execution bugs.

Akamai also notes that the targeting scope of this campaign is broad, even impacting systems not using ThinkPHP, which suggests opportunistic motives.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/hackers-exploit-2018-thinkphp-flaws-to-install-dama-web-shells/

Tags: Exploithackerstechnology
Previous Post

Ukraine says hackers abuse SyncThing data sync tool to steal data

Next Post

Los Angeles Unified School District investigates data theft claims

Arts economy grows, but funding lags on Long Island – Long Island Business News

Arts Economy Flourishes on Long Island, But Funding Struggles to Keep Up

October 3, 2025
Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

October 3, 2025
HIV pioneer Dr. William Valenti retires, leaving lasting impact on health community – 13wham.com

HIV Pioneer Dr. William Valenti Retires, Leaving an Enduring Impact on the Health Community

October 3, 2025
As the shutdown drags on, the threat of permanent cuts is mired in politics – NPR

As the Shutdown Continues, the Risk of Lasting Cuts Grows Amid Political Stalemate

October 3, 2025
West Seattle Ecology Fair 2025, report #2: Heat waves aren’t just a source of discomfort – West Seattle Blog…

West Seattle Ecology Fair 2025: Uncovering the Hidden Impacts of Heat Waves Beyond Our Comfort

October 3, 2025
Roam The Huntington after dark at an atmospheric ‘Strange Science’ night – NBC Los Angeles

Uncover the Secrets of The Huntington After Dark at the Enchanting ‘Strange Science’ Night

October 3, 2025
Viral apple cider vinegar weight loss study retracted for flawed science – ScienceDaily

Viral apple cider vinegar weight loss study retracted for flawed science – ScienceDaily

October 3, 2025
A love letter to the garden – The Inquirer and Mirror

A Heartfelt Ode to the Garden: Celebrating Nature’s Timeless Beauty

October 3, 2025
Technology Is Becoming More Important Than Humans In CX – No Jitter

Technology Is Becoming More Important Than Humans In CX – No Jitter

October 3, 2025
NFL Power Rankings, Week 5: Rodgers, Steelers surge into top 10; Ravens in free fall – CBS Sports

NFL Power Rankings, Week 5: Rodgers, Steelers surge into top 10; Ravens in free fall – CBS Sports

October 2, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (848)
  • Economy (869)
  • Entertainment (21,743)
  • General (17,379)
  • Health (9,912)
  • Lifestyle (881)
  • News (22,149)
  • People (870)
  • Politics (880)
  • Science (16,079)
  • Sports (21,369)
  • Technology (15,852)
  • World (851)

Recent News

Arts economy grows, but funding lags on Long Island – Long Island Business News

Arts Economy Flourishes on Long Island, But Funding Struggles to Keep Up

October 3, 2025
Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

October 3, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version