Hacker News
by mkjones 4871 days ago
Yeah, the moment we realized what was going on, it was like one of those horror stories you tell as a kid: "...the call was coming from INSIDE THE HOUSE."

The only way an attacker could have come across this URL would be if they had access to our codebase specifically - the string in the "extra_log" param was hardcoded in the PHP endpoint. It didn't even occur to me that they might have placed it there. Only when someone pointed out that this param was actually md5("october") did we start to wonder if it might be a drill.