WebApp Sec mailing list archives
Re: Mambo File Inclusion Attacks
From: Christopher Kunz <chrislist () de-punkt de>
Date: Sun, 15 Jan 2006 16:38:19 +0100
Mark Ryan del Moral Talabis schrieb:
We have been receiving multiple attacks directed towards the popular open source portal and content management system, Mambo. The attacks makes use of the "mosConfig_absolute_path" file inclusion vulnerability of certain unpatched versions of the said application. In this case, a possibly malicious file called "micu" is downloaded in the process of the attack. Full analysis: http://www.philippinehoneynet.org/data.php
I'd say this is fairly old news. We have been seeing these attacks since shortly after the advisory for the hole. micu is just your standard ddos/backdoor tool and the kids using it are mostly romanian and from south america. What worries me more is that we are also seeing a massive increase in non-application-specific PHP inclusion attacks. Seems like there are several spiders that just try injecting http://-style URLs into any URI parameter they see on a given domain. --ck -- http://www.de-punkt.de [ chris () de-punkt de ] http://www.stormix.de PHP-Anwendungen sind gefährdet! SQL-Injection, XSS, Session-Angriffe, CSRF, Commandshells, Response Splitting,... böhmische Dörfer? Dann gleich "PHP-Sicherheit" direkt beim Verlag vorbestellen! http://www.php-sicherheit.de/ ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- Mambo File Inclusion Attacks Mark Ryan del Moral Talabis (Jan 15)
- Re: Mambo File Inclusion Attacks Christopher Kunz (Jan 15)
- Re: Mambo File Inclusion Attacks Mark Ryan del Moral Talabis (Jan 17)
- Re: Mambo File Inclusion Attacks Christopher Kunz (Jan 15)