[nycphp-talk] php bulletin boards
inforequest
1j0lkq002 at sneakemail.com
Mon Jan 3 21:40:55 EST 2005
Jason N.Perkins jperkins-at-sneer.org |nyphp dev/internal group use| wrote:
> On Jan 3, 2005, at 4:58 PM, Steve Manes wrote:
>
>> Yury Rush wrote:
>>
>>> Hi -- there was an exploit a few weeks ago that affected phpBB
>>> boards..
>>> thousands were hacked via a worm that found phpBB sites using google's
>>> search..
>>
>>
>> That exploit is actually a bug in PHP's unserialize(), not PHPBB.
>>
>> There are several exploits in 4.3.9 and 5.0.2:
>>
>> http://national.auscert.org.au/render.html?it=4636
>
> The Santy phpBB worm used the phpBB Highlight Vulnerability which
> has nothing to do with the unserialize vulnerability. As (only)
> Derick Rethans could put it:
>
> "Everybody who thinks that the Santy.A worm uses one of the security
> problems addressed in PHP's latest bugfix releases is wrong. It was
> NOT due to any bug in PHP, but merely a badly checked input variable
> which was passed to preg with the /e modifier. Besides this, phpBB is
> also vulnerable for some of the things addressed by PHP's new
> releases. But they are wrong saying that it is not their fault.
> Not-checked usage of serialized data is still their problem. Short
> version: use FUDforum."
>
> Original link: <http://www.derickrethans.nl/month-2004-12.php?item=200412241207#200412241207>
>
> More info at:
> <http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513>
> <http://www.hardened-php.net/news.php>
> <http://www.powertrip.co.za/blog/archives/000305.html>
>
> This isn't to chastise Steve - phpBB rushed with the story that it
> wasn't their fault.
> --
> Jason N Perkins
> <http://sneer.org/>
I posted this on the 22nd of December, although it seemed like the
highlight patch was removed sometime after it was originally posted to
the phpBB website (?):
http://lists.nyphp.org/pipermail/talk/2004-December/013284.html
-=john andrews
--
Secunia Advisory 12/30/2004: "Almost every single branch of the Microsoft Windows operating system is vulnerable to several new vulnerabilities... no vendor solution is available for these vulnerabilities."
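
The quoted explanation above blames an unchecked input variable passed to preg with the /e modifier. As an added example (not part of the original thread and not phpBB's code), here is a search-term highlighter that avoids that pattern; the function name `highlight_terms`, the `hl` CSS class and the sample input are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not phpBB's code.
// preg_replace() with the /e modifier evaluated its replacement string as
// PHP (deprecated in PHP 5.5, removed in 7.0). This version never evaluates
// anything: terms are literals and the markup is built in ordinary code.

function highlight_terms(string $body, string $rawTerms): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $plain = htmlspecialchars($body, $flags, 'UTF-8');

    // Split the request parameter on whitespace; bound count and length.
    $terms = preg_split('/\s+/', trim($rawTerms), -1, PREG_SPLIT_NO_EMPTY);
    $terms = array_slice(array_unique($terms ?: []), 0, 10);

    $patterns = [];
    foreach ($terms as $term) {
        if (strlen($term) <= 64) {
            // preg_quote() turns regex metacharacters into literals.
            $patterns[] = preg_quote($term, '/');
        }
    }
    if ($patterns === []) {
        return $plain;
    }

    // One capture group, so preg_split() returns text and matches alternately.
    $regex = '/(' . implode('|', $patterns) . ')/iu';
    $parts = preg_split($regex, $body, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {          // e.g. body is not valid UTF-8
        return $plain;
    }

    $out = '';
    foreach ($parts as $i => $part) {
        // Encode every piece on output; odd indexes are the matched terms.
        $enc = htmlspecialchars($part, $flags, 'UTF-8');
        $out .= ($i % 2) ? '<span class="hl">' . $enc . '</span>' : $enc;
    }
    return $out;
}

// Constructed input: the terms contain regex and HTML metacharacters.
echo highlight_terms('Board notes (draft) with <b>markup</b>', '(draft) <b> notes'), "\n";
```

Splitting the raw body and encoding each piece afterwards keeps a term from matching inside an HTML entity, which would happen if the already-encoded body were searched.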