Re: Worm hitting PHPbb2 Forums

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 12/21/04

  • Next message: Mike: "RE: Worm hitting PHPbb2 Forums"
    To: incidents@securityfocus.com
    Date: Tue, 21 Dec 2004 21:00:04 +0000
    
    
    

    On Tue, 2004-12-21 at 12:21 -0700, lists wrote:
    > Yea good catch, after looking into it a little further I found that it
    > wasn't related to that advisory, but rather to one from 11.13.04, the
    > exploit code of the original bug can be found on k-otik.com
    >
    > Thanks for the info

    More information:

    Mis-reported and then corrected at the ISC -
    http://isc.sans.org/diary.php?date=2004-12-21

    * The advisory is here - http://howdark.com/
    (it was there when the advisory was initially released but that site
    seems down atm, included here in hope that howdark.com resurfaces)

    * The fix is here - http://www.phpbb.com/phpBB/viewtopic.php?t=240513

    * The exploit is here - http://www.howdark.com/poc/phpbb2010_hl.phps
    (down as above, but included here as it was the original source, try
    here http://www.k-otik.com/exploits/20041122.r57phpbb2010.pl.php )

    * SNORT Rule is here - http://www.webservertalk.com/message554529.html

    * If you got owned by this then your Christmas present is here
    http://ysati.com hehe ;-P

    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue

      http://www.bsrf.org.uk

    [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

    
    


