
List:       owasp-washington
Subject:    [Owasp-washington] web application worm out
From:       Deanne.Harwood () dhs ! gov (Harwood, Deanne I)
Date:       2004-12-22 13:25:33
Message-ID: E85F39996FC6AB4DAAAC828E6C68FAB54ED0B2 () HQWIRMEXCH07 ! hq ! ins

Here is a fix... seems to be a URL-encoding problem.

Open viewtopic.php in any text editor. Find the following section of code:
Code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
   // Split words and phrases
   $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

   for($i = 0; $i < sizeof($words); $i++)
   {


and replace with:
Code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
   // Split words and phrases
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

   for($i = 0; $i < sizeof($words); $i++)
   {



-----Original Message-----
From: owasp-washington-admin@lists.sourceforge.net
[mailto:owasp-washington-admin at lists.sourceforge.net] On Behalf Of Chris
Burton
Sent: Tuesday, December 21, 2004 9:45 PM
To: owasp-washington at lists.sourceforge.net
Subject: Re: [Owasp-washington] web application worm out

I found the POC code if you wanted to look:

http://www.k-otik.com/exploits/20041222.sanityworm.pl.php

Talk to you later.

Happy Holidays!

--- Matt Fisher <mfisher at spidynamics.com> wrote:

> All,
>
> Just got word of an internet exploit of an application vulnerability in
> phpBB.  I haven't heard much about this yet, apparently it was released
> today.  Here's the Summary section of the vulnerability report for that
> check in WebInspect for all who are interested.
>
> - Matt.
>
>
>
>
> ________________________________________________
> <http://spidynamics.com/index.html>
> Matthew J. Fisher, CNA MCP CCSA CCSE CISSP SCA
> A SPI Dynamics Certified Associate
>
> Security Consultant, S.P.I. Dynamics, Inc.
> tel 240.463.9030
> mfisher at spidynamics.com
> <mailto:mfisher at spidynamics.com>
> "There's no place like ~ "
> <http://www.spidynamics.com/>
>
> BEGIN:VCARD
> VERSION:2.1
> N:Fisher;Matt
> FN:Matt Fisher
> NICKNAME:Fish
> ORG:SPI Dynamics;Security Engineering
> TITLE:Senior Security Engineer
> NOTE;ENCODING=QUOTED-PRINTABLE:SPI Dynamics produces WebInspect, the premier
> web application security assessment scanner.  In addition to WebInspect, SPI
> Dynamics offers training and a broad range of services through our SPI Labs.
>
> Corporate Contact Info:
> Sales: 678-781-4800 option 1.  email sales at spidynamics.com
> Support: 678-781-4800 option 3.  email support at spidynamics.com
>
> I am frequently in meetings or travelling.  If I cannot take your call and
> you need immediate assistance, please contact your District Sales Manager.
>
> My PGP public key is attached for sensitive communications:
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: PGP 8.0.2
>
> mQGiBDzcBesRBADpkkNAMJaJbjoPR3TY01Ko5AQ6+s4eg/4SuhzGG1EsnioqT+dX
> sx2HZFG/QfOyZJ0LR2WVda9m92lz18ZK2Q1mmcPHfPEFf4CNi/KOgc1jQ9ZWUUyO
> PqmeMeJH0wR20qxmH0JzsL0YhZwr1Bb/mQ4SmBt1pnv237gllZYRQSu79wCg/wM5
> Nk5xo6Iakt7cnaGLX6sgrqkD/jLpkWDTW1aC1tpfW2pTe7btBvgvzRmoP/2iP42o
> P+AvRAxY6KxexlSpOWcKxxMnJV/SiKw2vRU05MTySgWJWlb4x3Jfjyig5Q/qaFNu
> HoMnW/M5swjq7f9gZLFHfKtJEAHPIKUkphG1CSkgyeIF9WjZls5YcuImZX3ym/As
> cTNAA/9HCGfDOimsF9Ncxfp/yRMNcaCAZfWK6HtsNA8j0dzvcv4cvynIVQ0uHn9A
> KSX4teeBx/NAuVd+hn06q4QK7a21O9aAstf9ocjLUPt4mSw3X9l8IQqWv1IiwbXa
> go/di1z5koGUnZie9RVkzvPR5/ElSEO6Vf+MnRYVngA+P6Q/NbQrTWF0dGhldyBK
> LiBGaXNoZXIgPG1maXNoZXJAc3BpZHluYW1pY3MuY29tPokATgQQEQIADgUCPNwF
> 6wQLAwIBAhkBAAoJEElda5NvDC9KYf4AoIuKhyn85cvjG/eamFMr9DjWu1UDAJ9z
> 5GqHs5io6l3fpP9msr87lbd2WbkEDQQ83AXsEBAA+RigfloGYXpDkJXcBWyHhuxh
> 7M1FHw7Y4KN5xsncegus5D/jRpS2MEpT13wCFkiAtRXlKZmpnwd00//jocWWIE6Y
> ZbjYDe4QXau2FxxR2FDKIldDKb6V6FYrOHhcC9v4TE3V46pGzPvOF+gqnRRh44Sp
> T9GDhKh5tu+Pp0NGCMbMHXdXJDhK4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebBy
> HTh1+/bBc8SDESYrQ2DD4+jWCv2hKCYLrqmus2UPogBTAaB81qujEh76DyrOH3SE
> T8rzF/OkQOnX0ne2Qi0CNsEmy2henXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZC
> V7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdM
> ZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHO
> fMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNs
> OA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq
> /zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2J
> SyIZJrqrol7DVes91hcAAgIQALqLi8hH8f3918Avy0+0nv+5TarmHGW58wmfW3NU
> wH8svx945V8bVPgmRG47ffg6WFLpeMBTfhiH7dwaBW6hVk2sucm6IC9OKU3wXMIB
> p/NjukkOg1HVbx1sJiSV8mqBApJaKovvZM/5LWU3L91JwluPn2ZEE6y5+mfVgla8
> DFZSzplUGjzt9lM9pnF6wzDg+F1sYyZuMT7rE+8Jb+aGOQAg1LN925pEpL28tprW
> pSUi6AldQEXcFffgBaRzqdz0rLTgqkkSJGfCwoT1Q8H32wBZngY50F7hb7SqmAD2
> IbCYCC7DIQuRePMBWn2sPzvKWJ2WJ5az6mgIgNYIJa4c+iw5AnImybESGeLKCoka
> 7mbDUC7VEk3Hl+YVCvFfYzc791Y4r4INV6/JZZBC5KS+myIbVq7uSpzBUASgsNWY
> 1FyJpUnH8d7oAD4K9wqemRB6RV/TUgxNnzkRRuhd1UR9WDD0LMo7Ns7wUpwUDoYT
> Ib3CuXcOEcSX4cJYnGd8ISG2+ToTF0QEZucV9m2am8q+AEgwIhpR6dVt/PV6sMlw
> GBR8ptcjWFvc5Gt5vTBRdE82Jqe//4neYZFB4Jbyj2y/TFCd701LOL9DTmOFOulu
> 7JLDRUzgZp0OPINLzDe1nHvaSdeG+7FXGNGs+Wr9rF78507UtFN5mLQTiv3Bm+dv
> 21a1iQBGBBgRAgAGBQI83AXsAAoJEElda5NvDC9Km74AoO2f0Wu8oCfsG36WCyFX
> pi6C0bkqAJsHr+goS9mWrv23FLxHGh2x8KL9dw==
> =fiQC
> -----END PGP PUBLIC KEY BLOCK-----
> TEL;WORK;VOICE:(240) 463-9030
> TEL;CELL;VOICE:(240) 463-9030
> ADR;WORK:;Federal Offices;5066 Stoneboat Row;Columbia;MD;21044
> LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Federal Offices
> 5066 Stoneboat Row
> Columbia, MD 21044
> URL;WORK:http://www.spidynamics.com
> ROLE:Information Security
> EMAIL;PREF;INTERNET:mfisher at spidynamics.com
> REV:20030920T145147Z
> END:VCARD
>



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
OWASP-Washington mailing list
OWASP-Washington at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-washington
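Editor's added example, not code from the list post or from phpBB: the before/after snippets at the top of this message differ only in one urldecode() call, and this small PHP model of the handling of the 'highlight' parameter shows what that extra decode changed. Two things outside the message are assumed here: PHP decodes the query string once before the script runs, and phpBB 2.0.x common.php applies addslashes() to every GET value when magic_quotes_gpc is off. The function names are illustrative, not phpBB's.

```php
<?php
// Added example (not from the list post or from phpBB). Assumptions, also
// noted in the lead-in: PHP decodes the query string exactly once, and
// phpBB 2.0.x common.php addslashes() every GET value when magic_quotes_gpc
// is off. Function names below are illustrative, not phpBB's.

/** The value viewtopic.php finds in $HTTP_GET_VARS['highlight']. */
function simulate_get_var(string $raw_query_value): string
{
    $decoded_once = urldecode($raw_query_value);  // PHP's own query-string decode
    return addslashes($decoded_once);            // phpBB common.php, magic_quotes_gpc off
}

/** Pre-fix processing: decodes the already-decoded value a second time. */
function highlight_words_vulnerable(string $get_var): array
{
    // ENT_COMPAT was the PHP 4 default: single quotes pass through untouched.
    return explode(' ', trim(htmlspecialchars(urldecode($get_var), ENT_COMPAT)));
}

/** Post-fix processing from the message above: no second decode. */
function highlight_words_fixed(string $get_var): array
{
    return explode(' ', trim(htmlspecialchars($get_var, ENT_COMPAT)));
}

/** Joins the words into the alternation viewtopic.php builds with preg_quote(). */
function highlight_match(array $words): string
{
    $match = '';
    foreach ($words as $word) {
        if (trim($word) === '') {
            continue;
        }
        $match .= ($match !== '' ? '|' : '') . str_replace('*', '\w*', preg_quote($word, '#'));
    }
    return $match;
}

// Constructed inputs: the same apostrophe, URL-encoded once and twice.
$samples = [
    'single-encoded %27'   => 'foo%27bar',
    'double-encoded %2527' => 'foo%2527bar',
];

foreach ($samples as $label => $raw) {
    $get_var = simulate_get_var($raw);
    echo "$label\n";
    echo "  \$HTTP_GET_VARS['highlight']: $get_var\n";
    echo "  match before the fix:        " . highlight_match(highlight_words_vulnerable($get_var)) . "\n";
    echo "  match after the fix:         " . highlight_match(highlight_words_fixed($get_var)) . "\n";
}
```

Run with `php` on the command line. The single-encoded input arrives as `foo\'bar`, and both code paths turn it into `foo\\'bar`: the apostrophe is still escaped. The double-encoded input arrives as `foo%27bar`, which addslashes() has no reason to touch; the pre-fix path then decodes it to `foo'bar`, a bare apostrophe that the escaping layer never saw, while the post-fix path leaves `foo%27bar` alone. That is the whole of the "urlencoding problem": htmlspecialchars() is not a control here (under ENT_COMPAT it passes single quotes through), and preg_quote() does not escape quotes either, so the only thing standing between the request and an unescaped quote was the order of decode and escape, which the second urldecode() reversed. The caveat that follows from the model is that the one-line fix is sufficient only together with the addslashes()/magic_quotes_gpc layer; an install where that escaping is absent would pass a single-encoded quote straight through even after the patch.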


