[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] PHP Worm traffic?

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] PHP Worm traffic?
From: Simon Waters <simon@xxxxxxxxxxxxxx>
Date: Tue, 17 Dec 2013 18:02:16 +0000
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx

On 17 Dec 2013, at 17:54, Simon Avery <digdilem@xxxxxxxxx> wrote:

To some extent, the payload is secondary to the method of propogation. Even if the purpose of this worm is primarily to replicate, it will be days or even hours before someone else has another exploiting the same vectors, and perhaps with a different agenda.

Hmm this is a very easy to exploit vuln, the request sends basically a command to give me a PHP shell on the remote machine, so if it doesn't lock up behind itself it is game over.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] PHP Worm traffic?
  - From: Simon Waters
- Re: [LUG] PHP Worm traffic?
  - From: Tom
- Re: [LUG] PHP Worm traffic?
  - From: Martijn Grooten
- Re: [LUG] PHP Worm traffic?
  - From: Simon Waters
- Re: [LUG] PHP Worm traffic?
  - From: Simon Avery
- Re: [LUG] PHP Worm traffic?
  - From: Simon Waters
- Re: [LUG] PHP Worm traffic?
  - From: Simon Avery

Prev by Date: Re: [LUG] PHP Worm traffic?
Next by Date: Re: [LUG] PHP Worm traffic?
Previous by thread: Re: [LUG] PHP Worm traffic?
Next by thread: Re: [LUG] PHP Worm traffic?
Index(es):
- Date
- Thread