Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - phpAdsNew log items, vulnerabilities, fix and patch information InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

phpAdsNew log items, vulnerabilities, fix and patch information

Published: 2005-11-11
Last Updated: 2005-11-11 15:12:02 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
Fotis Kouretas submitted log information related to phpAdsNew with the observation that "While xmlrpc scans are common for the last 2 days, these log snips has something special. It doesn't scan all the web servers and it know the locations of a specific target : phpAdsNew".

There were no other event log correlations, Fotis's log submission showed:

"POST /apps/media/ads/adxmlrpc.php HTTP/1.1" 406 278 "-" "-"
"POST /media/adxmlrpc.php HTTP/1.1" 406 349

The log entries may be related to a Nov 10 2005 phpAdsNew vulnerability announcement:
[Full-disclosure] [FS-05-01] Multiple vulnerabilities in phpAdsNew
phpAdsNew Affected versions:
Atleast 2.0.6, most likely others versions also.
A remote attacker could exploit this to learn installation paths on
server, as well as to locate new files and possible manually modified
If magic_quotes_gpc is off, a remote attacker can also compromise the
integrity of the database.

According to Matteo Beccati at phpAdsNew "The fix is on CVS REL_2_0 branch for now, I'll be able to make the final test and do the release in the weekend." (2005-11-12, 2005-11-13)
Project: phpAdsNew: CVS

We will post additional information from contributors as it's developed.

Thanks Fotis!
0 comment(s)
Diary Archives