12-26-2007, 12:26 PM
Why
MFBA
 
Join Date: Mar 2003
Location: PNW
Posts: 7,230
for what it's worth, due to the fact that nats uses smarty, it's possible that this person used nats to create smarty pages or placed code into pre-existing smarty templates that would allow them back into the systems even if the passwords were changed. furthermore, if the person doing this used smarty templates for hacking, it's possible he created methods to view, dump, email, etc. entire databases. so it's possible more information than JUST what is shown in the admin side of things is at risk. depending on what ALL a program keeps on their nats server, this person could have escalated things up from there to... well, the sky is the limit.

it's really a shitty situation, however we were not affected as we have had IP protections in place for many, many months. this is a security feature in nats very few companies use, but it HAS been in the software for years (to the best of my knowledge) and requires an admin to have a proper user/pass and be logging in from a specific IP. to blame nats entirely is silly, as the precautions to prevent these matters were in place for a very long time.
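A defender-side check for the risk raised in the post above, added here as an example and not part of the original post or of NATS: it scans Smarty template text for constructs that run PHP or pull in outside content, which is where code left behind in a template would have to live. It assumes Smarty 2 syntax and that templates can be exported as text; the template names, contents and the modifier list are constructed for illustration.

```python
import re

# Smarty 2 tags that run PHP or pull in outside content from a template.
TAG_RULES = {
    "php": "inline PHP block",
    "include_php": "includes a PHP file",
    "eval": "evaluates a string as a template",
    "fetch": "reads a local file or remote URL",
}
# PHP functions Smarty 2 accepts as variable modifiers when template
# security is off (short constructed list; extend for your environment).
RISKY_MODIFIERS = {"system", "exec", "passthru", "shell_exec", "popen",
                   "assert", "base64_decode", "file_get_contents"}

TAG_RE = re.compile(r"\{\s*(include_php|php|eval|fetch)\b", re.IGNORECASE)
EXPR_RE = re.compile(r"\{[^{}]*\}")                   # one {...} expression
MOD_RE = re.compile(r"\|\s*@?([A-Za-z_][A-Za-z0-9_]*)")  # |modifier names


def scan_template(name, text):
    """Return (template, line_no, finding) tuples for one template."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TAG_RE.finditer(line):
            tag = m.group(1).lower()
            findings.append((name, line_no, f"{{{tag}}}: {TAG_RULES[tag]}"))
        for expr in EXPR_RE.findall(line):
            for mod in MOD_RE.findall(expr):
                if mod.lower() in RISKY_MODIFIERS:
                    findings.append((name, line_no, f"modifier |{mod}"))
    return findings


def scan_all(templates):
    """Scan a {name: text} mapping in a stable (sorted) order."""
    out = []
    for name, text in sorted(templates.items()):
        out.extend(scan_template(name, text))
    return out


# Constructed sample templates (not taken from any real installation).
SAMPLES = {
    "members_home.tpl": 'Welcome {$user.name|escape:"html"}\n'
                        '{include file="footer.tpl"}\n',
    "footer.tpl": '<p>{$site|upper}</p>\n'
                  '{php} /* constructed placeholder */ {/php}\n'
                  '{$report_cmd|passthru}\n',
}

if __name__ == "__main__":
    for hit in scan_all(SAMPLES):
        print(*hit, sep="\t")
```

A hit is a lead for review, not proof of tampering; comparing flagged templates against a known-good copy from before the incident tells you which ones changed.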