Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: phpBB <= 2.0.17 exploit code in the wild SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
phpBB <= 2.0.17 exploit code in the wild
It's an early holiday gift for phpBB admins all over the world.  Exploit code affecting phpBB version 2.0.17 and previous has been made public.  The targeted vulnerability was announced on Halloween, and updates have been available since then.

I predict we'll be seeing profile.php probes appear in your web logs right along with the awstats and xml-rpc attacks that you've been getting.
Kevin Liston

292 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!