Results 1 to 4 of 4
December 21st, 2004, 09:09 AM #1
December 21st, 2004, 09:18 AM #2
And there's another bit of information here:
I'm out of my depth with PHP, but this quote stands out:
<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>In the mean time we strongly, and I mean strongly! urge all our users to make the following change to viewtopic.php as a matter of urgency. <HR></BLOCKQUOTE>
December 21st, 2004, 10:42 AM #3
Here's another update:
<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Handlers Diary December 21st 2004
Updated December 21st 2004 17:43 UTC (Handler: Chris Carboni)
*Sanity worm defaces websites using php bug
Sanity worm defaces websites using php bug
A worm taking advantage of the recent php vulnerability has been defacing websites and explains a number of reports we recieved today regarding defaced web servers. The worm is written in Perl and seems to overwrite all writeable asp/php/htm/shtm files on the server. More details on the Sanity worm are available at:
Public exploit code for the php vulnerability has recently been made available.
If you are unable to update your PHP engine at this time, a workaround for phpBB can be found at
In addition to the above workaround, Version 4.3.10 or 5.0.3 can be downloaded from http://www.php.net/downloads.php
If you are infected and are able to extract a copy of the perl script, please submit it via our contact form:http://isc.sans.org/contact.php .
'Results 1 - 10 of about 5,770,000 for "Powered by phpBB".'
Stay tuned .. <HR></BLOCKQUOTE>
December 21st, 2004, 01:13 PM #4
This is just a little note. The article is talking about PHPbb (forum software) not the PHP scripting language as a whole.Life is like a dogsled team. If you ain't the lead dog, the scenery never changes.
-- Lewis Grizzard
By Dynamoo in forum Midnight Cafe'Replies: 1Last Post: January 27th, 2005, 11:31 AM