Following yesterday’s major security breach of the controversial imageboard 4chan, hackers have publicly revealed the sophisticated exploit method used to gain access to the site’s backend systems. The attack, which took the platform offline for several hours, has exposed sensitive internal data including source code, moderator information, and administrative tools.

A group associated with rival imageboard Soyjak Party (colloquially known as “Sharty”) claimed responsibility for the attack. In a post on their platform, they stated: “Today, April 14, 2025, a hacker, who has been in 4cuck’s system for over a year, executed the true operation soyclipse”. As proof of their control over the system, the hackers temporarily restored a previously banned board called “/qa/” and defaced it with the message “U GOT HACKED XD”.

The exploit leveraged a critical oversight in 4chan’s file validation system, allowing attackers to upload PostScript files containing malicious drawing commands disguised as legitimate PDFs. “They neglected to verify that the uploaded file is actually a PDF file,” stated the revelation post. The attackers exploited a vulnerability in how 4chan processes uploaded files on certain boards, including /g/, /pol/, /qst/, /sci/, and /lg/. According to cybersecurity experts analyzing the hack, these PostScript files were then processed by Ghostscript, software used by 4chan to generate thumbnail images. From this initial foothold, the attackers exploited what they described as “a mistaken suid binary” to elevate their privileges to that of the global user, effectively gaining complete control of the server.

“The hack was likely caused by 4chan using an extremely out-of-date version of PHP that has a lot of vulnerabilities and exploits and is using deprecated functions to interact with [their] MySQL database,” reported security researcher Yushe. The breach resulted in the complete extraction of 4chan’s PHP source code, including the main file “yotsuba.php” that manages posting and reporting functions. Additionally, the email addresses and contact information of approximately 218 moderators, administrators, and “janitors” (lower-level moderators) were exposed.
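The validation gap described above is that the upload path trusted the claimed file type and handed the bytes to Ghostscript. The following is an added example, not 4chan’s code and not derived from the leaked source: a content-sniffing check that decides on the leading bytes rather than the file name or declared MIME type (both attacker-controlled), so a PostScript program submitted as a “.pdf” is rejected before any thumbnailer sees it. The function names, the `UploadRejected` class and the sample inputs are constructed for this illustration. Even a genuine PDF still reaches a complex interpreter, so this check complements, rather than replaces, running the thumbnailer with Ghostscript’s `-dSAFER` mode and as an unprivileged, isolated process.

```python
"""
Magic-byte validation for a PDF upload endpoint (added example).

Decide what an upload is from its content; the file name and the
Content-Type header are chosen by the uploader and prove nothing.
"""
import re

# A PDF begins with a "%PDF-x.y" header; a PostScript program begins
# with "%!" (conventionally "%!PS-Adobe-x.y").
_PDF_HEADER = re.compile(rb"^%PDF-\d\.\d")
_PS_HEADER = re.compile(rb"^%!")


def sniff_document_type(data: bytes) -> str:
    """Classify an upload by its leading bytes: 'pdf', 'postscript' or 'unknown'."""
    head = data[:16]
    if _PDF_HEADER.match(head):
        return "pdf"
    if _PS_HEADER.match(head):
        return "postscript"
    return "unknown"


class UploadRejected(ValueError):
    """Raised when an upload must not be passed on to the thumbnailer."""


def validate_pdf_upload(filename: str, declared_type: str, data: bytes) -> str:
    """
    Accept the upload only if its bytes are a PDF.  Returns the sniffed type
    on success and raises UploadRejected with the reason otherwise.
    """
    sniffed = sniff_document_type(data)
    if sniffed != "pdf":
        raise UploadRejected(
            f"{filename!r} declared as {declared_type!r} but content is {sniffed}"
        )
    # Cheap structural check: a PDF ends with a %%EOF marker.  This is not a
    # full parse, but it rejects truncated or tail-overwritten files.
    if b"%%EOF" not in data[-1024:]:
        raise UploadRejected(f"{filename!r}: missing %%EOF trailer")
    return sniffed


# Constructed sample inputs (not files from the incident).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF\n"
SAMPLE_PS_NAMED_PDF = b"%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\nshowpage\n"


def run_samples() -> dict:
    """Run both samples through the validator and collect the outcome per file."""
    results = {}
    for name, data in (("doc.pdf", SAMPLE_PDF), ("renamed.pdf", SAMPLE_PS_NAMED_PDF)):
        try:
            results[name] = validate_pdf_upload(name, "application/pdf", data)
        except UploadRejected as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(f"{name}: {outcome}")
```

The second sample carries a harmless PostScript program under a `.pdf` name with a correct-looking Content-Type, which is exactly the case an extension-or-header check would wave through; here it is refused because the bytes say PostScript. In a real deployment the same sniffing belongs on every board that accepts documents, not only the ones listed in the article, and the rejected uploads are worth logging with the declared versus sniffed type, since a stream of such mismatches is an early signal of someone probing the upload path.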
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 11:36:45 +0000