Attempted exploits against phpAlbum (common with Joomla, etc.)

[Lamar Spells <lamar.spells () gmail com>]

I pointed out a while back some activity I have been seeing related to
awstats scanners (see
http://seclists.org/fulldisclosure/2011/Dec/372), but now that actvity
has morphed a bit to include attempts to leverage some vulnerabilities
previously reported in the phpAlbum project.

Specifically, I am now seeing attempts to perform directory traversal
against index.php and code injection against main.php.  Full details
at: http://foxtrot7security.blogspot.com/2011/12/attacks-against-awstats-also-includes.html

Make sure you are running the latest version of the package since
there seems to be a pretty massive search underway for vulnerable
versions.

Regards,

Lamar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/