Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: phpMyFAQ being exploited SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
phpMyFAQ being exploited
A vulnerability in phpMyFAQ, which is an open source FAQ system for PHP and various databases, has been published back in February (http://www.phpmyfaq.de/advisory_2007-02-18.php).
Jeremy notified us that this is being exploited in the wild. The vulnerability allows an attacker to upload arbitrary files on the server. As you can probably guess, currently attackers first upload a php shell, after which the machine is typically turned into a spam spitting server.

If you are using phpMyFAQ, be sure to install the updates available on their web site (http://www.phpmyfaq.de/).I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Amsterdam January 2021

Bojan

392 Posts
ISC Handler
Mar 5th 2007

Sign Up for Free or Log In to start participating in the conversation!