Security Incidents mailing list archives
Re: Worm hitting PHPbb2 Forums
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 21 Dec 2004 21:00:04 +0000
On Tue, 2004-12-21 at 12:21 -0700, lists wrote:
> Yea, good catch. After looking into it a little further I found that it
> wasn't related to that advisory, but rather to one from 11.13.04. The
> exploit code of the original bug can be found on k-otik.com.
> Thanks for the info.
More information:

* Mis-reported and then corrected at the ISC - http://isc.sans.org/diary.php?date=2004-12-21
* The advisory is here - htp://howdark.com/ (it was there when the advisory was initially released but that site seems down atm, included here in hope that howdark.com resurfaces)
* The fix is here - http://www.phpbb.com/phpBB/viewtopic.php?t=240513
* The exploit is here - http://www.howdark.com/poc/phpbb2010_hl.phps (down as above, but included here as it was the original source, try here http://www.k-otik.com/exploits/20041122.r57phpbb2010.pl.php )
* SNORT Rule is here - http://www.webservertalk.com/message554529.html
* If you got owned by this then your Christmas present is here http://ysati.com hehe ;-P

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part