[framework] Metasploit 3 module for PHP < 4.5.0 unserialize() bug
Nicolas RUFF
nicolas.ruff at gmail.com
Tue Apr 3 15:07:58 CDT 2007
> Trivia: About 1 in 70 phpBB installations have been defaced:
> http://www.google.com/search?num=100&hl=en&q=%22Powered+by+phpBB%22+%22hacked+by%22
> http://www.google.com/search?num=100&hl=en&q=%22Powered+by+phpBB%22
In absolute figures: number of hacked sites is "about 503,000".
> http://www.google.com/codesearch?hl=en&q=+unserialize.*COOKIE+-base64
Let's have a look at first two pages of Google results: Dotclear,
phpBB2, punBB, SPIP, xoops, ...
> http://www.google.com/codesearch?hl=en&lr=&q=unserialize.*POST
First page: Phorum, Cacti, phpGroupWare, ...
"What else ?" (tm)
Regards,
- Nicolas RUFF
More information about the framework
mailing list