[unisog] php sites hacked...
rwg at vt.edu
Mon Dec 20 17:32:00 GMT 2004
On Dec 20, 2004, at 10:06 AM, Vijay S Sarvepalli VSSARVEP wrote:
> All php sites in our one server have been hacked, defaced with
> Do you guys know what vulnerability this is?
A number of security vulnerabilities in PHP 4 and 5 have been fixed in
4.3.10 and 5.0.3, released on December 15th. The most common way
people have been hacked/defaced/owned is through the use of phpBB and
vBulletin, which pass user-supplied data directly to one of the PHP
functions with security problems -- unserialize().
Richard Godbee, Unix Systems Administrator
Department of Geosciences, Virginia Tech
4044 Derring Hall (0420), Blacksburg, VA 24061
rwg at vt.edu / +1.540.231.7002 / +1.540.231.3386 (FAX)
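
The pattern described in the message above (user-supplied data handed directly to unserialize()), shown next to a hardened replacement. This is an added example, not part of the original message and not phpBB or vBulletin code; the cookie layout, key, field names and function names are hypothetical, and it assumes a current PHP release (hash_equals() and type declarations are not available in PHP 4).

```php
<?php
// Added example. All names and values below are hypothetical/constructed.

const COOKIE_KEY = 'replace-with-random-server-side-secret'; // placeholder

// Risky pattern: client-controlled bytes go straight into unserialize(),
// so any bug in PHP's unserializer is reachable by an anonymous visitor.
function load_prefs_unsafe(string $cookie)
{
    return unserialize(base64_decode($cookie));
}

// Hardened writer: plain JSON body plus an HMAC tag computed server-side.
function save_prefs(array $prefs): string
{
    $body = json_encode($prefs);
    $tag  = hash_hmac('sha256', $body, COOKIE_KEY);
    return base64_encode($body) . '.' . $tag;
}

// Hardened reader: authenticate first, parse second, then check types.
function load_prefs(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $body = base64_decode($parts[0], true);
    if ($body === false) {
        return null;
    }
    // Constant-time comparison; unauthenticated input never reaches a parser.
    if (!hash_equals(hash_hmac('sha256', $body, COOKIE_KEY), $parts[1])) {
        return null;
    }
    $data = json_decode($body, true);
    if (!is_array($data) || !isset($data['user_id'], $data['remember'])) {
        return null;
    }
    // Strict type checks: no loose comparisons on decoded values.
    if (!is_int($data['user_id']) || !is_bool($data['remember'])) {
        return null;
    }
    return ['user_id' => $data['user_id'], 'remember' => $data['remember']];
}

// Constructed sample: a valid cookie, then a copy altered by the client.
$cookie = save_prefs(['user_id' => 42, 'remember' => true]);
var_dump(load_prefs($cookie));
var_dump(load_prefs('x' . $cookie));
```

Removing unserialize() from the request path complements, and does not replace, upgrading to the fixed PHP releases named in the message.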