Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
WordPress worm makes its way around the web
Sep 09, 2009 @ 18:08:28

In case you missed it (though I'm not sure how you would) there was a scare for WordPress users out there that have been using an older version of the popular blogging engine about a worm going around an exploiting a hole to create a user, become an admin and quietly put spam links and malware into your posts without you knowing. The solution? Simple! Update right away!.

If you're currently running an older version of the WordPress software and want to be sure that you haven't fallen prey to the worm's threat, you can use the query Dougal Campbell has posted to check your wp_users table for administrators. Check the results of this to make sure there's no extra admin accounts found.

Keeping your software up to date is always a good first line of defense, so be sure that you've downloaded the latest to keep you and your blog protected.

tagged: wordpress worm security threat upgrade

Link:

Christopher Kunz's Blog:
Mambo worm in the wild
Dec 06, 2005 @ 12:50:24

According to this post on Christopher Kunz today, there's a Mambo-targeted worm out "in the wild" called Elxbot.

Well, it wasn't totally unexpected, I guess. The recently discovered remote code execution hole in Mambo has spawned a nifty little worm, called "Elxbot". I actually referred to the (then still fairly unknown) vulnerability and to the possibility that it might be abused by worm writers in my talk at the last PHP Conference.

I am already expecting a similar outbreak for the PHPKIT holes I recently reported. It has all of the features that I outlined above, although the install base is probably somewhat limited to german users (and there, mainly to gaming clans). Seeing this, I didn't actually publish a PoC for the remote code execution hole, but it is somewhat trivial to find and exploit anyway.

The worm itself searches Google for available targets, infects the system, and connects to an IRC server where the controlling party is waiting. From there things like arbitrary command execution, TCP floods, HTTP floods, and Portscans can be made. For complete information, check out this page on the Outpost24.com site...

tagged: mambo worm wild elxbot mambo worm wild elxbot

Link:

Christopher Kunz's Blog:
Mambo worm in the wild
Dec 06, 2005 @ 12:50:24

According to this post on Christopher Kunz today, there's a Mambo-targeted worm out "in the wild" called Elxbot.

Well, it wasn't totally unexpected, I guess. The recently discovered remote code execution hole in Mambo has spawned a nifty little worm, called "Elxbot". I actually referred to the (then still fairly unknown) vulnerability and to the possibility that it might be abused by worm writers in my talk at the last PHP Conference.

I am already expecting a similar outbreak for the PHPKIT holes I recently reported. It has all of the features that I outlined above, although the install base is probably somewhat limited to german users (and there, mainly to gaming clans). Seeing this, I didn't actually publish a PoC for the remote code execution hole, but it is somewhat trivial to find and exploit anyway.

The worm itself searches Google for available targets, infects the system, and connects to an IRC server where the controlling party is waiting. From there things like arbitrary command execution, TCP floods, HTTP floods, and Portscans can be made. For complete information, check out this page on the Outpost24.com site...

tagged: mambo worm wild elxbot mambo worm wild elxbot

Link:


Trending Topics: