My next class:
Web App Penetration Testing and Ethical HackingAmsterdamMar 31st - Apr 5th 2025

phpMyFAQ being exploited

Published: 2007-03-05. Last Updated: 2007-03-05 22:11:14 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)
A vulnerability in phpMyFAQ, which is an open source FAQ system for PHP and various databases, has been published back in February (http://www.phpmyfaq.de/advisory_2007-02-18.php).
Jeremy notified us that this is being exploited in the wild. The vulnerability allows an attacker to upload arbitrary files on the server. As you can probably guess, currently attackers first upload a php shell, after which the machine is typically turned into a spam spitting server.

If you are using phpMyFAQ, be sure to install the updates available on their web site (http://www.phpmyfaq.de/).
Keywords:
0 comment(s)
My next class:
Web App Penetration Testing and Ethical HackingAmsterdamMar 31st - Apr 5th 2025

Comments


Diary Archives