  1. #1
    Dynamoo (ABW Adviser Panel)
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    If you're running PHP you should check out the following articles:

    http://isc.sans.org/diary.php?date=2004-12-20
    http://isc.sans.org/diary.php?date=2004-12-17

    Information is sketchy, but this PHP hole may or may not have been patched, and the nature of the exploit is not clear at the moment.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    Dynamoo (ABW Adviser Panel)
    And there's another bit of information here:

    http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513

    I'm out of my depth with PHP, but this quote stands out:

    quote:
        In the mean time we strongly, and I mean strongly! urge all our users to make the following change to viewtopic.php as a matter of urgency.

  3. #3
    Dynamoo (ABW Adviser Panel)
    Here's another update:

    quote:
        Handlers Diary December 21st 2004
        Updated December 21st 2004 17:43 UTC (Handler: Chris Carboni)

        Sanity worm defaces websites using php bug
        A worm taking advantage of the recent php vulnerability has been defacing websites and explains a number of reports we received today regarding defaced web servers. The worm is written in Perl and seems to overwrite all writeable asp/php/htm/shtm files on the server. More details on the Sanity worm are available at:
        http://www.viruslist.com/en/weblog
        http://www.europe.f-secure.com/weblog/

        Public exploit code for the php vulnerability has recently been made available.
        If you are unable to update your PHP engine at this time, a workaround for phpBB can be found at
        http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
        In addition to the above workaround, Version 4.3.10 or 5.0.3 can be downloaded from http://www.php.net/downloads.php

        If you are infected and are able to extract a copy of the perl script, please submit it via our contact form: http://isc.sans.org/contact.php .

        'Results 1 - 10 of about 5,770,000 for "Powered by phpBB".'
        Stay tuned ..

  4. #4
    swampy_webber (ABW Ambassador)
    Join Date
    January 18th, 2005
    Location
    West Virginia
    Posts
    698
    This is just a little note. The article is talking about phpBB (forum software), not the PHP scripting language as a whole.
    Life is like a dogsled team. If you ain't the lead dog, the scenery never changes.

    -- Lewis Grizzard
