PHP/phpBB vulnerability still exists
Now that I'm on hols I have some free time so I thought I'd try out the neverevernosanity exploit which attacked phpBB forums in Nov last year...
Well, checking with Google, which was used in the original attack, you can't use Google anymore. Google is now blocking any attempts to use it to find phpBB boards. Luckily for me, I could still use MSN Search. So using it I found a few phpBB sites, some of which were running really old versions like 2.0.4 and 2.0.6, by far the most common versions out there.
Yep, the exploit still works! I got my hands on the source code and made my own mod to the code and tried it out on some sites... here's some evidence:

Of course I purposely made this screenshot to hide the actual host's name and other details, but the image clearly shows that I had executed a "ls -al" command on the server. If I wanted to, I could have displayed the contents of config.php or the server's /etc/passwd file. If you have some knowledge of PHP you could actually execute PHP code on the server, e.g. to place a backdoor script or insert trojan code into the database.
Combatting hackers needs a combination of common sense and vigilance. Without vigilance, you're just leaving a window to your house open. In the end you get what you deserve.