[unisog] php sites hacked...

David R. Linn drl at vuse.vanderbilt.edu
Mon Dec 20 17:47:56 GMT 2004


>> From: Vijay S Sarvepalli VSSARVEP <VSSARVEP at uncg.edu>
>> Date: Mon, 20 Dec 2004 10:06:26 -0500
...
>> All php sites in our one server have been hacked, defaced with 
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <HTML><HEAD>
>> <TITLE>This site is defaced!!!</TITLE>
>> </HEAD><BODY bgcolor="#000000" text="#FF0000">
>> <H1>This site is defaced!!!</H1>
>> <HR>
>> <ADDRESS><b>NeverEverNoSanity WebWorm generation 9.</b></ADDRESS>
>> </BODY></HTML>
>> Do you guys know what vulernability this is?
>> 
>> Vijay

There was a bug in the unserialize function announced last week.

Do you have any scripts that use that function?




More information about the unisog mailing list