| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200501031740.28907.emiraga@emiraga.com> From: emiraga at emiraga.com (EmirAga) Subject: phpBB Worm writers are dumb lots has passed since releasing a phpbb worm by some stupid people, i will list my oppinion about it. - why release a worm? not sure about newer ones, but first one did not do anything, so, whats the point?. Worm will warn whole world about vulnerability and most of servers will patch it, without worm it would stay just another bug in their forum and most non will worry about it. Security _penetators_ are loosing their jobs because of you. - first worm sent a thousand requests before infection. The newer one do 'wget' it from static http location. STUPID. Simply worm could send his self by POST or FILE_UPLOAD method since they are not written in logs. In logs would be written a small request that most administrators will not notice. what's wrong with eval($_POST[x])? - first worm wrote his self to current directory, we all know that in most cases this will fail. Better solution would be to write to /tmp, or even better to use upload $_FILES[worm][tmp_name]. So stupid! - Why didn't they removed comments and replaced their variables with smaller ones, so worm will go faster. i just hope no one will rewrite its code with newer _version_ cuz then i will be the stupid one here. just wanted to say that worm writing sucks and real programmer will never release one. greets
Powered by blists - more mailing lists