Fergie (Paul Ferguson) wrote:
These people don't waste much time when a new exploit
found, do they? Geez.
http://isc.sans.org/diary.php?date=2004-12-21
As a friend of mine just said.. good times!
http://www.google.com/search?q=NeverEverNoSanity
Gadi.
Dan Hollis wrote:
On Tue, 21 Dec 2004, Fergie (Paul Ferguson) wrote:
These people don't waste much time when a new exploit
found, do they? Geez.
http://isc.sans.org/diary.php?date=2004-12-21
Its exploiting a bug in old versions of phpbb, it's not using the recent
php exploit.
-Dan
It isn't very
- Original Message -
From: "cw" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 21, 2004 3:47 PM
Subject: Re: Sanity worm defaces websites using php bug
> Gonna be a nightmare for server ops to ensure that all client copies
> of phpBB ar
cw wrote:
Does anyone have any more detail on exactly what this thing does after
it gets into a system?
Check *any* AV web site.
The cgi platform for a company I use has been hit and the effect is
not just limited to phpBB, it seems to get into the server and then go
through everything it can wr
The one instance of this I observed did the following:
1) got permissions of apache daemon by way of the viewtopic.php script
2) ran the server's wget to download
http://www.packetstormsecurity.nl/DoS/udp.pl
3) pulled udp.pl down into /tmp, and ran, not sure how it got its list of ip.
The quic
there is this from f-secure with some detail of after effects.
http://www.f-secure.com/v-descs/santy_a.shtml
- Original Message -
From: cw <[EMAIL PROTECTED]>
Date: Tuesday, December 21, 2004 3:47 pm
Subject: Re: Sanity worm defaces websites using php bug
>
> Does any
Does anyone have any more detail on exactly what this thing does after
it gets into a system?
The cgi platform for a company I use has been hit and the effect is
not just limited to phpBB, it seems to get into the server and then go
through everything it can write to..
I lost a copy of UBB to th
On Tue, 21 Dec 2004, Fergie (Paul Ferguson) wrote:
> These people don't waste much time when a new exploit
> found, do they? Geez.
> http://isc.sans.org/diary.php?date=2004-12-21
Its exploiting a bug in old versions of phpbb, it's not using the recent
php exploit.
-Dan
Produces something along the lines of this:
http://www.noobforces.net/forum/viewtopic.php?p=1445&sid=d2260869a73fb5aca2
- Original Message -
From: "Fergie (Paul Ferguson)" <[EMAIL PROTECTED]>
Date: Tuesday, December 21, 2004 1:11 pm
Subject: Sanity worm defaces we
These people don't waste much time when a new exploit
found, do they? Geez.
http://isc.sans.org/diary.php?date=2004-12-21
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or
[EMAIL PROTECTED]
10 matches
Mail list logo