Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

phpAdsNew log items, vulnerabilities, fix and patch information

Published: 2005-11-11
Last Updated: 2005-11-11 15:12:02 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
Fotis Kouretas submitted log information related to phpAdsNew with the observation that "While xmlrpc scans are common for the last 2 days, these log snips has something special. It doesn't scan all the web servers and it know the locations of a specific target : phpAdsNew".

There were no other event log correlations, Fotis's log submission showed:

"POST /apps/media/ads/adxmlrpc.php HTTP/1.1" 406 278 "-" "-"
"POST /media/adxmlrpc.php HTTP/1.1" 406 349

The log entries may be related to a Nov 10 2005 phpAdsNew vulnerability announcement:
[Full-disclosure] [FS-05-01] Multiple vulnerabilities in phpAdsNew
phpAdsNew Affected versions:
Atleast 2.0.6, most likely others versions also.
Impact:
A remote attacker could exploit this to learn installation paths on
server, as well as to locate new files and possible manually modified
files.
If magic_quotes_gpc is off, a remote attacker can also compromise the
integrity of the database.

According to Matteo Beccati at phpAdsNew "The fix is on CVS REL_2_0 branch for now, I'll be able to make the final test and do the release in the weekend." (2005-11-12, 2005-11-13)
Project: phpAdsNew: CVS

We will post additional information from contributors as it's developed.

Thanks Fotis!
Keywords:
0 comment(s)
Diary Archives