Metasploit 3 module for PHP < 4.5.0 unserialize() bug

[nicolas.ruff at gmail.com (Nicolas RUFF)]

> Trivia: About 1 in 70 phpBB installations have been defaced:
> http://www.google.com/search?num=100&hl=en&q=%22Powered+by+phpBB%22+%22hacked+by%22
> http://www.google.com/search?num=100&hl=en&q=%22Powered+by+phpBB%22

In absolute figures: number of hacked sites is "about 503,000".

> http://www.google.com/codesearch?hl=en&q=+unserialize.*COOKIE+-base64

Let's have a look at first two pages of Google results: Dotclear,
phpBB2, punBB, SPIP, xoops, ...

> http://www.google.com/codesearch?hl=en&lr=&q=unserialize.*POST

First page: Phorum, Cacti, phpGroupWare, ...

"What else ?" (tm)

Regards,
- Nicolas RUFF