[nycphp-talk] php bulletin boards
Jason N.Perkins
jperkins at sneer.org
Mon Jan 3 21:04:49 EST 2005
On Jan 3, 2005, at 4:58 PM, Steve Manes wrote:
> Yury Rush wrote:
>> Hi -- there was an exploit a few weeks ago that affected phpBB
>> boards..
>> thousands were hacked via a worm that found phpBB sites using google's
>> search..
>
> That exploit is actually a bug in PHP's unserialize(), not PHPBB.
>
> There are several exploits in 4.3.9 and 5.0.2:
>
> http://national.auscert.org.au/render.html?it=4636
The Sanity phpBB worm used the phpBB Highlight Vulnerability which has
nothing to do with the unserialize vulnerability. As (only) Derick
Rethans could put it:
"Everybody who thinks that the Santy.A worm uses one of the security
problems addressed in PHP's latest bugfix releases is wrong. It was NOT
due to any bug in PHP, but merely a badly checked input variable which
was passed to preg with the /e modifier. Besides this, phpBB is also
vulnarable for some of the things address by PHP's new releases. But
they are wrong saying that it is not their fault. Not-checked usage of
serialized data is still their problem. Short version: use FUDforum."
Original link:
<http://www.derickrethans.nl/month-2004-12.php?
item=200412241207#200412241207>
More info at:
<http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513>
<http://www.hardened-php.net/news.php>
<http://www.powertrip.co.za/blog/archives/000305.html>
This isn't to chastise Steve - phpBB rushed with the story that it
wasn't there fault.
--
Jason N Perkins
<http://sneer.org/>
More information about the talk
mailing list