NYCPHP Meetup

[nycphp-talk] php bulletin boards

inforequest 1j0lkq002 at sneakemail.com
Mon Jan 3 21:40:55 EST 2005


Jason N.Perkins jperkins-at-sneer.org |nyphp dev/internal group use| wrote:

> On Jan 3, 2005, at 4:58 PM, Steve Manes wrote:
>
>> Yury Rush wrote:
>>
>>> Hi -- there was an exploit a few weeks ago that affected phpBB  
>>> boards..
>>> thousands were hacked via a worm that found phpBB sites using google's
>>> search..
>>
>>
>> That exploit is actually a bug in PHP's unserialize(), not PHPBB.
>>
>> There are several exploits in 4.3.9 and 5.0.2:
>>
>> http://national.auscert.org.au/render.html?it=4636
>
> The Sanity phpBB worm used the phpBB Highlight Vulnerability which 
> has  nothing to do with the unserialize vulnerability. As (only) 
> Derick  Rethans could put it:
>
> "Everybody who thinks that the Santy.A worm uses one of the security  
> problems addressed in PHP's latest bugfix releases is wrong. It was 
> NOT  due to any bug in PHP, but merely a badly checked input variable 
> which  was passed to preg with the /e modifier. Besides this, phpBB is 
> also  vulnarable for some of the things  address by PHP's new 
> releases. But  they are wrong saying that it is not their fault. 
> Not-checked usage of   serialized data is still their problem. Short 
> version: use FUDforum."
>
> Original link:  <http://www.derickrethans.nl/month-2004-12.php? 
> item=200412241207#200412241207>
>
> More info at:
> <http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513>
> <http://www.hardened-php.net/news.php>
> <http://www.powertrip.co.za/blog/archives/000305.html>
>
> This isn't to chastise Steve - phpBB rushed with the story that it  
> wasn't there fault.
> -- 
> Jason N Perkins
> <http://sneer.org/>


I posted this on the 22nd of December, although it seemed like the 
highlight patch was removed sometime ater it was originally posted to 
phpBB website (?) :

http://lists.nyphp.org/pipermail/talk/2004-December/013284.html

-=john andrews

-- 
Secunia Advisory 12/30/2004: "Almost every single branch of the Microsoft Windows operating system is vulnerable to several new vulnerabilities... no vendor solution is available for these vulnerabilities."




More information about the talk mailing list