Fugitif
02.02.2009, 13:39
It all started on Jan 14th when I was surfing milw0rm and came across this exploit: [www.milw0rm.com] I then remembered that phpbb.com was running PHPlist and went looking through my email to find the link to the script’s location. So I went to phpbb.com/lists and sure enough they were running a vulnerable version. Next I enabled my favorite proxy program and tried [www.phpbb.com][ConfigFile]=../../../../../../etc/passwd and sure enough it included the etc/passwd.
QUOTE from phpbb.com:
Maintenance
We are sorry to report that we have been attacked through a vulnerability in an outdated PHPList installation. phpBB.com and related sites will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.
You can download phpBB here: http://www.ohloh.net/p/phpbb
You can get support at the temporary support forums or on IRC: chat.freenode.net #phpbb
– the phpBB team
LOOOL :D
FULL ARTICLE: (http://hackedphpbb.blogspot.com/)
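For anyone reviewing web server logs for the request pattern quoted above, here is a small detector; it is an added example, not part of the original post or of PHPList or phpBB code. The log lines, client addresses and the `cfg` array name are constructed; only the `ConfigFile` key and the `../` value come from the post.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (combined log format). Addresses, timestamps and the
# "cfg" array name are made up; only ConfigFile and the ../ value are from the post.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Jan/2009:10:01:02 +0000] "GET /lists/?p=subscribe&id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Jan/2009:10:02:10 +0000] "GET /lists/?cfg[ConfigFile]=../../../../../../etc/passwd HTTP/1.1" 200 1833',
    '203.0.113.9 - - [14/Jan/2009:10:02:45 +0000] "GET /lists/?cfg%5BConfigFile%5D=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1833',
    '198.51.100.7 - - [14/Jan/2009:10:03:00 +0000] "GET /lists/?page=../about HTTP/1.1" 404 210',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." path segment delimited by / or \ (or by the ends of the value).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def leaf_key(name):
    """'cfg[ConfigFile]' -> 'ConfigFile'; plain names are returned unchanged."""
    parts = re.findall(r'[^\[\]]+', name)
    return parts[-1] if parts else name

def scan(lines):
    """Return (client, key, decoded_value, severity) for each traversal attempt."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(value)
            if TRAVERSAL_RE.search(value):
                # A 200 means the request was served, so triage it first.
                severity = "high" if status == "200" else "low"
                findings.append((client, leaf_key(name), value, severity))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status only shows that the request was served, not that the include succeeded, so the severity here is a triage order rather than a verdict.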