estover@nativenerds.com
2004-Dec-27 14:32 UTC
Found security exploit in port phpBB 2.0.8 FreeBSD4.10
I think there is a neat exploit in phpBB 2.0.8, because I found my home page defaced one dark morning. The patch for phpBB is here: http://www.phpbb.com/downloads.php

The excerpt of the log is attached.

I believe the link to the described exploit is here: http://secunia.com/advisories/13239

The defacement bragging page is here, filtered to show the exploited FreeBSD machines that aneurysm.inc has defaced: http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/
The update for phpBB came out a while ago, and it looks like the ports were updated on 11/25/2004. Have you tried updating the ports? I think this is already addressed.

On a side note, I'm surprised you didn't get hit by the worm (unless it happened before the worm came out). There is a new worm out now that attacks some weak PHP programming, though it's not very widespread. See http://www.syslog.org/Article10.phtml for a little more detail. I don't know if it's a worm or not, but I'm seeing people trying to attack my site pretty frequently lately.

Best regards & happy holidays,
Jerry
http://www.syslog.org

> I think there is a neat exploit in phpBB 2.0.8, because I found my home
> page defaced one dark morning. The patch for phpBB is here.
> http://www.phpbb.com/downloads.php
>
> The excerpt of the log is attached.
>
> I believe the link to the described exploit is here.
> http://secunia.com/advisories/13239
>
> The defacement bragging page is here, filtered to show the exploited FreeBSD
> machines that aneurysm.inc has defaced
> http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
This was added to VuXML on Dec 22, but the vulnerability was discovered on Nov 18.

On Mon, Dec 27, 2004 at 03:36:42PM -0700, estover@nativenerds.com wrote:
> I think there is a neat exploit in phpBB 2.0.8, because I found my home
> page defaced one dark morning. The patch for phpBB is here.
> http://www.phpbb.com/downloads.php
>
> The excerpt of the log is attached.
>
> I believe the link to the described exploit is here.
> http://secunia.com/advisories/13239
>
> The defacement bragging page is here, filtered to show the exploited FreeBSD
> machines that aneurysm.inc has defaced
> http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/
Thanks for all the input, guys and gals. Didn't mean to start a flame war ;)

On Mon, 2004-12-27 at 15:36 -0700, estover@nativenerds.com wrote:
> I think there is a neat exploit in phpBB 2.0.8, because I found my
> home page defaced one dark morning. The patch for phpBB is here.
> http://www.phpbb.com/downloads.php
>
> The excerpt of the log is attached.
>
> I believe the link to the described exploit is here.
> http://secunia.com/advisories/13239
>
> The defacement bragging page is here, filtered to show the exploited
> FreeBSD machines that aneurysm.inc has defaced
> http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/
Roger Marquis
2004-Dec-30 08:08 UTC
Found security exploit in port phpBB 2.0.8 FreeBSD4.10
> Julian Elischer <julian@elischer.org> writes:
> ...or we could urge them to stop using PHP at all.

If only... but in favor of what, Perl? One nice thing about PHP is its similarity to Java/JSP. Learn one and you're part way to learning the other, and JSP really is a web technology the security community should be encouraging.

> Kris Kennaway <kris@obsecurity.org> wrote:
> Remember that FreeBSD is supported by the community, so you also could
> have submitted the update but didn't.

With all due respect to Kris and his excellent work, shooting the messenger is probably not the best way to encourage discussion of substantive issues.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/