Critical TootRoot bug lets attackers hijack #Mastodon servers
> bad actor sends malicious toot
> instances process malicious toot
> spawns webshell
> bad actor uses webshell to assume control over the server
There is a #security patch for this - all Mastodon server admins should update if they haven't already.
#cybersecurity #infosec
https://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/
Avoid The Hack! /
npub1vk…7w6p2
2023-07-08 14:13:00
Author Public Key
npub1vkypeczpkdeu63xx5qdm4sl775wkcdkgmxsw88cyjzcemztwrm6sd7w6p2Published at
2023-07-08 14:13:00Event JSON
{
"id": "6b2053891e5fd62238395774d0aaf8730acc38e23991850e48b4d658504e4174",
"pubkey": "65881ce041b373cd44c6a01bbac3fef51d6c36c8d9a0e39f0490b19d896e1ef5",
"created_at": 1688825580,
"kind": 1,
"tags": [
[
"t",
"mastodon"
],
[
"t",
"security"
],
[
"t",
"cybersecurity"
],
[
"t",
"infosec"
],
[
"mostr",
"https://mastodon.social/users/avoidthehack/statuses/110678873257561175"
]
],
"content": "Critical TootRoot bug lets attackers hijack #Mastodon servers\n\n\u003e bad actor sends malicious toot\n\u003e instances process malicious toot\n\u003e spawns webshell\n\u003e bad actor uses webshell to assume control over the server\n\nThere is a #security patch for this - all Mastodon server admins should update if they haven't already.\n\n#cybersecurity #infosec\n\nhttps://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/",
"sig": "b65d565f5e702820bbeef4b24a7310d322c16c41db9f660be78f46ae17070694b001f7ece6aef7db9eae43ead4144d3e710ce1624ebed8551547ee670155756a"
}