Facebook Problems.

Published on: 1187016863
As everyone probably knows, Facebook's source code has leaked. Facebook is sending out letters telling everyone to stop publishing its source code. I guess it's a little late for that: anyone who knows how to use Google can find it again. But I guess the problems don't stop there. It seems that they run a very old thttpd server, namely version 1.0. While it is a cool and tiny server, I would not run it. Just ask Google. Now, there is a small, unnoticed lesson in this, because the same thing once happened to del.icio.us. Imagine your server spits out PHP files as plain text. Where do you have your database connection information stored? Yes: always save it outside your www folder, where it cannot be accessed in such a case. Facebook has been very lucky.
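One way to check your own site for this, as an added example that is not part of the original post: a small audit that walks a document root and reports lines that hard-code database connection details, which is exactly what leaks when PHP is served as plain text. The patterns, file extensions and sample layout (`www/`, `config/db.php`) are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic patterns (assumed for this example, not exhaustive) for connection
# details hard-coded in PHP source.
PATTERNS = [
    re.compile(r"""\$\w*(pass|pwd|secret)\w*\s*=\s*['"][^'"]+['"]""", re.I),
    re.compile(r"""\b(mysql_connect|mysqli_connect|new\s+PDO)\s*\([^)]*['"][^'"]+['"]""", re.I),
]
SOURCE_EXTS = (".php", ".inc", ".bak")

def find_exposed_credentials(docroot):
    """Return sorted (path relative to docroot, line number) for every line
    under docroot that hard-codes connection details."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(SOURCE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if any(p.search(line) for p in PATTERNS):
                        hits.append((os.path.relpath(path, docroot), lineno))
    return sorted(hits)

def build_sample_tree(base):
    """Create a constructed site layout under base and return its document root."""
    files = {
        # Unsafe: connection details inside the document root.
        "www/inc/db.php": "<?php\n$db_password = 'constructed-example';\n"
                          "$link = mysql_connect('localhost', 'app', $db_password);\n",
        # Safe: the page only includes a file that lives outside the document root.
        "www/index.php": "<?php\nrequire dirname(__DIR__) . '/config/db.php';\n",
        "config/db.php": "<?php\n$db_password = 'constructed-example';\n",
    }
    for rel, body in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return os.path.join(base, "www")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno in find_exposed_credentials(build_sample_tree(tmp)):
            print(f"{rel}:{lineno}: connection details inside the document root")
```

On the constructed tree only `inc/db.php` is reported; `config/db.php` holds the same secret but sits outside the folder the web server can serve.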

thttpd is the first server I was able to exploit, some 6 years back, so it brings back memories. One of my all-time favorite exploits is the off-by-one buffer overflow it suffers (or suffered) from, because it really shows how careless programmers are: set a maximum buffer size, forget that a loop starts counting at 0, add 1, and it overflows. Anyway, that's not the point now. If they are running a very early version, they should upgrade.

If anyone wants to know how I found the server, I probably have to disappoint you, because that was done with Google too.