A server hosting dozens of popular file converter sites has been hacked

[LASER_oneXM]

The server hosting dozens of free-to-use online file conversion websites has been hacked several times in the past year using a well-known, easy-to-use exploit.
The security researcher, who asked not to be named for fear of legal repercussions, told ZDNet that the attacker obtained "full root access" to the server and its contents.

The researcher said the level of access would allow an attacker to quietly exfiltrate any file uploaded to the sites, but said it was "impossible to tell" what the shells were for, or if they were in actively used.

The Paris-based server hosted sites -- including combinepdf.com, imagetopdf.com, jpg2pdf.com, pdftoimage.com, pdfcompressor.com, and wordtojpeg.com, among others -- that let users convert files and documents to other formats.
These are hardly the most popular sites in the world, but thousands of people use the sites each day, based on various traffic metrics and statistics sites. Key search terms like "pdf convert" and "image convert" bring up several of the affected sites in the first page of Google search results, giving them an edge over other conversion sites.

The server was vulnerable to a year-old set of bugs found in the ImageMagick library, a popular tool used to convert images. The bugs, known collectively as "ImageTragick," are extremely easy to exploit -- in one case, as simple as uploading an image file containing four lines of code to the server. The bug is so serious that Facebook paid a record bug bounty to a researcher who found that the social network was vulnerable, and Yahoo stopped using the software altogether. Countless servers and websites remain unpatched to this day.