[CS-FSLUG] PHP vulnerabilities?

Ed Hurst ehurst at asisaid.com
Thu Jun 1 12:39:25 CDT 2006

Brothers and Sisters, I'm puzzled by something. On my blog, I get the
usual attempts at link spam in the comments. Often, the link points to
files hidden on a server running some kind of PHP forum. Whenever I
notify the proper POC, the files are quickly removed in most cases.
Recently, an admin went crazy trying to find the file, but I was able to
wget the thing -- 99% was obfuscated JScript code, plus a few lines of text.

Then I read where an ostensibly Christian (Apostolic) PHP forum is found
hosting a bunch of really nasty malware files:


Just how do miscreants slip past the security? I know of a couple of
these forums where the security seemed pretty tight, yet this stuff was
injected into the file structure.

Ed Hurst
Bible Application - http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help - http://ed.asisaid.com/
Mission, Method & Means - http://ed.asisaid.com/blog/

More information about the Christiansource mailing list