[unisog] php sites hacked...

Richard Godbee rwg at vt.edu
Mon Dec 20 17:32:00 GMT 2004


On Dec 20, 2004, at 10:06 AM, Vijay S Sarvepalli VSSARVEP wrote:

> All php sites in our one server have been hacked, defaced with
[...]
> Do you guys know what vulernability this is?

A number of security vulnerabilities in PHP 4 and 5 have been fixed in 
4.3.10 and 5.0.3, released on December 15th.  The most common ways 
people have been hacked/defaced/owned is through the use of phpBB and 
vBulletin, which pass user-supplied data directly to one of the PHP 
functions with security problems -- unserialize().

http://www.securityfocus.com/archive/1/384545/2004-12-10/2004-12-16/0

-- 
Richard Godbee, Unix Systems Administrator
Department of Geosciences, Virginia Tech
4044 Derring Hall (0420), Blacksburg, VA 24061
rwg at vt.edu / +1.540.231.7002 / +1.540.231.3386 (FAX)




More information about the unisog mailing list