[CS-FSLUG] PHP vulnerabilities?

Don Parris gnumathetes at gmail.com
Thu Jun 1 22:08:41 CDT 2006


On 6/1/06, Ed Hurst <ehurst at asisaid.com> wrote:
> Brothers and Sisters, I'm puzzled by something. On my blog, I get the
> usual attempts at link spam in the comments. Often, the link points to
> files hidden on a server running some kind of PHP forum. Whenever I
> notify the proper POC, the files are quickly removed in most cases.
> Recently, an admin went crazy trying to find the file, but I was able to
> wget the thing -- 99% was obfuscated JScript code, plus a few lines of text.
>
> Then I read where an ostensibly Christian (Apostolic) PHP forum is found
> hosting a bunch of really nasty malware files:
>
> http://blog.spywareguide.com/2006/06/we_promised_botnet_crazy.html
>
> Just how do miscreants slip past the security? I know of a couple of
> these forums where the security seemed pretty tight, yet this stuff was
> injected into the file structure.
>

I don't have the answer to your question, but that was educational.

Don
-- 
DC Parris GNU Evangelist
http://matheteuo.org/
gnumathetes at gmail.com
"Hey man, whatever pickles your list!"



