* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, October 23, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    ‘Chainsaw Man — The Movie: Reze Arc’ Review: Hit Manga Gets an Ultra-Violent, Surprisingly Emotional Big-Screen Adaptation – Yahoo

    Chainsaw Man – The Movie: Reze Arc Review: A Brutal and Unexpectedly Emotional Big-Screen Adaptation

    Reba McEntire Details Personal Relationship With Late Stepson Brandon Blackstock – KNDU

    Reba McEntire Shares Emotional Tribute to Her Late Stepson Brandon Blackstock

    Sacramento city leaders approve adding 2 entertainment zones in midtown – CBS News

    Sacramento City Leaders Approve Two Thrilling New Entertainment Zones in Midtown

    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Next steps: Technology opens new options for greater mobility – Missouri Independent

    Next Steps: How Technology is Opening Exciting New Doors to Greater Mobility

    Rydberg Technologies Inc. Announces Launch of Rydberg Photonics in Berlin – The Quantum Insider

    Rydberg Technologies Launches Exciting New Photonics Division in Berlin

    A look into new technology at Columbia University that could help prevent a dangerous pregnancy complication – ABC7 New York

    A look into new technology at Columbia University that could help prevent a dangerous pregnancy complication – ABC7 New York

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    ‘Chainsaw Man — The Movie: Reze Arc’ Review: Hit Manga Gets an Ultra-Violent, Surprisingly Emotional Big-Screen Adaptation – Yahoo

    Chainsaw Man – The Movie: Reze Arc Review: A Brutal and Unexpectedly Emotional Big-Screen Adaptation

    Reba McEntire Details Personal Relationship With Late Stepson Brandon Blackstock – KNDU

    Reba McEntire Shares Emotional Tribute to Her Late Stepson Brandon Blackstock

    Sacramento city leaders approve adding 2 entertainment zones in midtown – CBS News

    Sacramento City Leaders Approve Two Thrilling New Entertainment Zones in Midtown

    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Next steps: Technology opens new options for greater mobility – Missouri Independent

    Next Steps: How Technology is Opening Exciting New Doors to Greater Mobility

    Rydberg Technologies Inc. Announces Launch of Rydberg Photonics in Berlin – The Quantum Insider

    Rydberg Technologies Launches Exciting New Photonics Division in Berlin

    A look into new technology at Columbia University that could help prevent a dangerous pregnancy complication – ABC7 New York

    A look into new technology at Columbia University that could help prevent a dangerous pregnancy complication – ABC7 New York

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells

June 7, 2024
in Technology
Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
Share on FacebookShare on Twitter

HackerImage: Midjourney

Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama.

The web shell enables further exploitation of the breached endpoints, such as enlisting them as part of the attackers’ infrastructure to evade detection in subsequent operations.

The first signs of this activity date back to October 2023, but according to Akamai analysts monitoring it, the malicious activity has recently expanded and intensified.

Targeting old vulnerabilities

ThinkPHP is an open-source web application development framework that is particularly popular in China.

CVE-2018-20062, fixed in December 2018, is an issue discovered in NoneCMS 1.3, allowing remote attackers to execute arbitrary PHP code via crafted use of the filter parameter.

CVE-2019-9082 impacts ThinkPHP 3.2.4 and older, used in Open Source BMS 1.1.1., is a remote command execution problem addressed in February 2019.

The two flaws are leveraged in this campaign to enable the attackers to perform remote code execution, impacting the underlying content management systems (CMS) on the target endpoints.

Specifically, the attackers exploit the bugs to download a text file named “public.txt,” which, in reality, is the obfuscated Dama web shell saved as “roeter.php.”

The payload is downloaded from compromised servers located in Hong Kong and provides the attackers with remote server control following a simple authentication step using the password “admin.”

Akamai says the servers delivering the payloads are infected themselves with the same web shell, so it appears that compromised systems are turned into nodes in the attacker’s infrastructure.

The Dama web shell

Dama has advanced capabilities enabling the threat actors to navigate the file system on the compromised server, upload files, and gather system data, essentially aiding in privilege escalation.

It can also perform network port scanning, access databases, and bypass disabled PHP functions for shell command execution.

The Dama interfaceThe Dama interface
​​​​​​​Source: Akamai

A notable omission from Dama’s capabilities is the lack of a command-line interface, which would allow threat actors a more hands-on approach to executing commands.

Akamai notes that this missing functionality is notable given Dama’s otherwise extensive functionality.

Mitigation

Exploiting 6-year-old flaws serves as another reminder of the persistent problem of poor vulnerability management, as attackers, in this case, leverage security vulnerabilities patched a long time ago.

The recommended action for potentially impacted organizations is to move to the most recent ThinkPHP, version 8.0, which is safe against known remote code execution bugs.

Akamai also notes that the targeting scope of this campaign is broad, even impacting systems not using ThinkPHP, which suggests opportunistic motives.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/hackers-exploit-2018-thinkphp-flaws-to-install-dama-web-shells/

Tags: Exploithackerstechnology
Previous Post

Ukraine says hackers abuse SyncThing data sync tool to steal data

Next Post

Los Angeles Unified School District investigates data theft claims

Former world chess champion Vladimir Kramnik investigated for bullying following death of grandmaster Daniel Naroditsky – CNN

Former World Chess Champion Vladimir Kramnik Under Investigation Amid Tragic Loss of Grandmaster Daniel Naroditsky

October 23, 2025
Trump approval on economy hits new low: Quinnipiac poll – The Hill

Trump’s Economic Approval Hits Historic Low in Shocking New Poll

October 23, 2025
‘Chainsaw Man — The Movie: Reze Arc’ Review: Hit Manga Gets an Ultra-Violent, Surprisingly Emotional Big-Screen Adaptation – Yahoo

Chainsaw Man – The Movie: Reze Arc Review: A Brutal and Unexpectedly Emotional Big-Screen Adaptation

October 23, 2025
WHO launches new country guidance for health emergency coordination – World Health Organization (WHO)

WHO Launches Bold New Global Guidelines to Revolutionize Health Emergency Coordination

October 23, 2025
Gettysburg suffers damage as advocates ask public to be vigilant during shutdown – CNN

Gettysburg Endures Damage as Advocates Call for Public Vigilance Amid Shutdown

October 23, 2025
Vibrio pectenicida strain FHCF-3 is a causative agent of sea star wasting disease – Nature

Vibrio pectenicida strain FHCF-3 is a causative agent of sea star wasting disease – Nature

October 23, 2025
Condensation defying gravity – European Space Agency

Condensation defying gravity – European Space Agency

October 23, 2025
Guest educators bring fun environmental science to Kent middle school – MyEasternShoreMD

Guest Educators Ignite Passion for Environmental Science at Kent Middle School

October 23, 2025
Equity Lifestyle Properties, Inc. Profit Rises In Q3, Beats Estimates – Nasdaq

Equity Lifestyle Properties Delivers Impressive Q3 Profit, Exceeding All Expectations

October 23, 2025
Next steps: Technology opens new options for greater mobility – Missouri Independent

Next Steps: How Technology is Opening Exciting New Doors to Greater Mobility

October 23, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (882)
  • Economy (904)
  • Entertainment (21,775)
  • General (17,762)
  • Health (9,945)
  • Lifestyle (916)
  • News (22,149)
  • People (904)
  • Politics (914)
  • Science (16,114)
  • Sports (21,403)
  • Technology (15,883)
  • World (887)

Recent News

Former world chess champion Vladimir Kramnik investigated for bullying following death of grandmaster Daniel Naroditsky – CNN

Former World Chess Champion Vladimir Kramnik Under Investigation Amid Tragic Loss of Grandmaster Daniel Naroditsky

October 23, 2025
Trump approval on economy hits new low: Quinnipiac poll – The Hill

Trump’s Economic Approval Hits Historic Low in Shocking New Poll

October 23, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version