lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <447ABFF4.3010403@heapoverflow.com>
Date: Mon May 29 10:34:27 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: phpbb blend portal and activity mods at risk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I have got this email today and it should be more than useful also
forwarded on FD:

- ---------------------------------------------------------------quoting
austin-----


It has come to my attention that Blend has a security issue. If you have
Blend Portal System OR Activity Mod installed, please disable your board
or uninstall these mods for the time being and do the file edit that I
have listed below. Here are a list of IPs that you need to ban from your
site as well.



85.107.151.110, 84.112.100.97, 84.112.100.97, 200.112.130.69,
87.97.213.154, 211.66.110.157, 201.29.218.185, 195.93.60.97,
202.133.82.69, 70.136.76.25, 212.104.107.114, 157.142.200.121,
200.243.242.123, 166.111.249.39, 85.104.25.166, 85.14.214.4



These are known IPs that have used a script to infect sites with trojans
via a file in blend.

Open:

blend_data/blend_common.php



FIND



define('BLEND_DATA_PATH',         'blend_data/');



BEFORE, ADD



if (!defined('IN_PHPBB'))

die('Hack Attempt');



CLOSE & SAVE



I will release a fix for these issues ASAP.



I apologize for this huge inconvenience.


- ---------------------------------------------------------------quote
end-----




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)
 
iD8DBQFEer/zFJS99fNfR+YRAvpdAJ9oPW2ybD2z0PdOTW+SGPE9JLmQ8QCdGT78
nqqqrR0IY3g9QAu9P+I5zqI=
=Fnxy
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ad.vcf
Type: text/x-vcard
Size: 167 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060529/d444a8e6/ad.vcf

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ