nanog mailing list archives
Re: Sanity worm defaces websites using php bug
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Dec 2004 23:50:30 +0200
Dan Hollis wrote:
> On Tue, 21 Dec 2004, Fergie (Paul Ferguson) wrote:
>> These people don't waste much time when a new exploit is found, do they? Geez.
>> http://isc.sans.org/diary.php?date=2004-12-21
>
> It's exploiting a bug in old versions of phpbb, it's not using the recent php exploit.
> -Dan

It isn't very blatant about it either. I allow myself to quote *only* the following from the source to help you make sure it is the actual worm that got you or your users.

It is written in Perl.
Size: 4.87 KB (4,996 bytes).
MD5: 4ad08373aaa7c96ad8ab4b93df4fd4a0

Safe source (HTML generation only) sample:

....
my $s = q{<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>This site is defaced!!!</TITLE>
</HEAD><BODY bgcolor="#000000" text="#FF0000">
<H1>This site is defaced!!!</H1>
<HR>
....

Gadi.
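
One way to check a web root against the size, MD5 and defacement title quoted in the message above. This is an added example, not part of the original post; the function names `classify` and `scan` and the `HEAD_BYTES` limit are assumptions made for illustration.

```python
import hashlib
import os
import sys

# Indicators quoted in the message above (file size in bytes and MD5).
WORM_SIZE = 4996
WORM_MD5 = "4ad08373aaa7c96ad8ab4b93df4fd4a0"
# Title string from the quoted HTML; it appears both in a defaced page and
# in the worm's own source, so it also catches copies whose hash differs.
DEFACE_MARKER = b"<TITLE>This site is defaced!!!</TITLE>"
HEAD_BYTES = 64 * 1024  # assumption: the marker sits near the top of a file


def classify(path, size=WORM_SIZE, md5=WORM_MD5):
    """Return 'worm-md5', 'deface-marker' or None for one file."""
    try:
        if not os.path.isfile(path) or os.path.islink(path):
            return None
        actual_size = os.path.getsize(path)
        with open(path, "rb") as fh:
            # Hash only files of the right size: cheap pre-filter.
            if actual_size == size:
                if hashlib.md5(fh.read()).hexdigest() == md5:
                    return "worm-md5"
                fh.seek(0)
            head = fh.read(HEAD_BYTES)
    except OSError:
        return None  # unreadable or vanished file: skip
    return "deface-marker" if DEFACE_MARKER in head else None


def scan(root, size=WORM_SIZE, md5=WORM_MD5):
    """Walk root and map relative path -> verdict for every hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            verdict = classify(path, size, md5)
            if verdict:
                hits[os.path.relpath(path, root)] = verdict
    return hits


if __name__ == "__main__":
    # Usage: python scan.py /path/to/webroot  (the path is yours to supply)
    for rel, verdict in sorted(scan(sys.argv[1]).items()):
        print(f"{verdict}\t{rel}")
```

A `worm-md5` hit matches both the quoted size and hash; a `deface-marker` hit only means the title string is present and needs a manual look.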