Metasploit mailing list archives
Metasploit 3 module for PHP < 4.5.0 unserialize() bug
From: nicolas.ruff at gmail.com (Nicolas RUFF)
Date: Tue, 03 Apr 2007 22:07:58 +0200
Trivia: About 1 in 70 phpBB installations have been defaced: http://www.google.com/search?num=100&hl=en&q=%22Powered+by+phpBB%22+%22hacked+by%22 http://www.google.com/search?num=100&hl=en&q=%22Powered+by+phpBB%22
In absolute figures: number of hacked sites is "about 503,000".
http://www.google.com/codesearch?hl=en&q=+unserialize.*COOKIE+-base64
Let's have a look at first two pages of Google results: Dotclear, phpBB2, punBB, SPIP, xoops, ...
http://www.google.com/codesearch?hl=en&lr=&q=unserialize.*POST
First page: Phorum, Cacti, phpGroupWare, ... "What else ?" (tm) Regards, - Nicolas RUFF
Current thread:
- Metasploit 3 module for PHP < 4.5.0 unserialize() bug Nicolas RUFF (Apr 03)