يك اخطار براي دارندگان انجمنهاي phpbb

[4shir]

توي تالار هك هست لينكش رو الان ندارم اما تحت تاپيكي به عنوان
باگ خطرناك براي phpbbهست خود من هم پستش رو دادم اين هم لينك پتچ توي سايت بي بي
http://www.phpbb.com/phpBB/viewtopic.php?t=240513

 

[4shir]

سلام الان يك چيز جالب ديدم من مك آفي رجيستر شده دارم ورژن 9 الان داشتم با سورس كرم سانتي كار ميكردم يهو به عنوان ويروس شناختش و دليت كرد فايلها رو بعد از اون هم 3 فايل آلوده ديگه رو شناخت گمونم تنها راه شناساي گوگل نباشه اين سورسهاي كه هست سر كاري هست مراقب باشيد

 

[BeHnAm_akb]

منظورتون كد.م سورساست؟

 

[Mohsen_Spy]

جالبه كه اين ورم فقط به phpbb حمله نمی کنه !!!!

 

[Mohsen_Spy]

مثلا به اين ليست نگاه كنيد
http://www.humaneventsonline.com/article.php?id=5824
http://bugs.mysql.com/bug.php?id=5824,
http://ns1.php.gr.jp/pipermail/php-users/2002-March/005832.html
http://www.mathlinks.ro/Forum/viewtopic.php?t=5462
http://www.backwash.com/content.php?jouid=5824
http://student.cs.ucc.ie/cs1064/jabowen/IPSC/php/db.php?aid=5824
http://www.ribaat.org/services/forum/archive/index.php/t-25410
http://www.freebiedot.com/refer.php?ln=5824
http://www.webwarrior.net/print.php?sid=5824
http://in.geocities.com/samdarshipali/apache-php-mysql.htm
http://www.carforumz.net/forum/index.php?showtopic=4888&st=40
http://forums.photographyreview.com/showthread.php?t=7019
http://phpnuke.org/modules.php?name=News&file=print&sid=5824
http://openphoto.net/wiki/index.php/Image_5824
http://www.goodhopebags.com/product.php?ProductID=5824
http://forum.pcmech.com/archive/index.php/t-7134.html
http://forum.mamboserver.com/showthread.php?p=5824&mode=threaded
http://forum.mamboserver.com/showpost.php?p=5824&postcount=1
http://forum1.panda123.cn/viewthread.php?tid=7227
http://weblog.sinteur.com/index.php?p=5824
http://ns1.php.gr.jp/pipermail/php-users/2002-March/005833.html
http://forums.designtechnica.com/showthread.php?t=5824
http://www.ultimateoutdoors.co.uk/show_stock.php?plu=5824
http://phpnuke.org/modules.php?name=News&file=article&sid=5824
http://www.sitepoint.com/forums/archive/index.php/t-5824.html
http://www.trustlust.co.uk/displayimage.php?album=topn&cat=0&pos=34
http://hnn.us/readcomment.php?id=5824
http://www.lik-sang.com/info.php?products_id=5824&lsaid=260010
http://about.pricegrabber.com/search_attrib.php/page_id=1446/view_all=1
http://www.markbentley.org/album/displayimage.php?album=random&cat=0&pos=-2542
http://www.net-security.org/news.php?id=5824
http://www.xoops.org/modules/news/article.php?storyid=180
http://www.planet-php.org/stats/usage_200412.html
http://www.zend.com/lists/php-dev/200203/msg00733.html
http://excoboard.com/exco/thread.php?forumid=15460&threadid=130041
http://pr.indymedia.org/mail.php?id=5824
http://www.artifact.ac.uk/displayoai.php?id=5824
http://portal.unesco.org/ci/en/ev.php-URL_ID=5824&URL_DO=DO_TOPIC&URL_SECTION=201.html
http://forum.bbclone.de/index.php/f/2/f67798252dfe579406758fd72ed94979/
http://fotocopiadoras-xerox.seti-argentina.com.ar/5824.php
http://pr.indymedia.org/print.php?id=5824
http://www.ucs.co.uk/index.php?pid=1438
http://www.wicca.com/celtic/forums/view_topic.php?id=5824&forum_id=1&jump_to=113055
http://www.filetransit.com/view.php?id=5824
http://uk.polyphonics.tv/order_picmes.php?id=5824
http://www.cpals.net/forums/index.php?showtopic=5824&view=getnewpost
http://bbs.pcpro.com.cn/misc.php?action=emailfriend&tid=5824&sid=mM6FHInN
http://coppermine.sourceforge.net/demo/displayimage.php?album=lastcom&cat=0&pos=97
http://forums.thedruidsgrove.org/member.php?u=5824
http://www.zend.com/lists/php-dev/200203/thrd7.html
http://www.literaturkritik.de/public/rezension.php?rez_id=5824&ausgabe=200304
http://xtremods.com/vbulletin/archive/index.php/t-5824.html
http://www.anecdotage.com/index.php?aid=5824
http://www.mporzio.astro.it/~marco/gc/cluster_4.php?ggc=NGC+5824
http://www.abc-toner-cartridges.co.uk/shop/Xerox-5824-Toner-Cartridge-100842.php
http://www.courir74.com/photos/ratepic.php?pic=5824&rate=3
http://ts.rtvpix.com/tour.display.php?utl=VL-5824-IJXQWI-01
http://www.arabgames.com/main/modules.php?name=Forums&file=viewtopic&t=5824
http://www.teknohaber.net/makale.php?id=20404
http://www.serverwatch.com/stats/netcraft/article.php/3430741
http://www.primenumbers.net/prptop/detailprp.php?rank=5824
http://www.mperia.com/artistfeed.php?id=1435
http://periskop.cz/tisk.php?id=5824
http://www.the-magicbox.com/forums/archive/index.php/t-5824.html
http://kanji.free.fr/kanji.php?unicode=5824
http://www.geneseo.edu/academic_depts/faculty.php?dept=SOPA
http://jesuschrist.ru/forum/174051,,.php
http://www.php.kz/d.php?b=1
http://www.info.com.hk/forum/viewtopic.php?t=5639
http://coppermine.sourceforge.net/demo/displayimage.php?album=random&cat=1&pos=-34&lang=malay
http://www.pcformat.co.za/modules.php?name=News&file=article&sid=34
http://www.megabid.de/auktionsliste.php
http://www.skazki.org.ru/view.php?id=5824
http://www.pdga.com/tournament/playerstats.php?PDGANum=5824&year=2004
http://www.econ.ucl.ac.uk/displayProfile.php?staff_key=160
http://www.dynamicwebpages.de/20.fo...pload+grosser+Files+via+http&forum=PHP3&kat=1
http://www.devinity.de/archive/index.php/t-5838.html
http://www.registrar.dal.ca/calendar/class.php?subj=BIOL&num=5824
http://www.extreme-players.de/downloads.asp?ID=5824
http://www.lri.fr/~simon/contest/results/livesolver.php?idsolver=22&magnify=5824
http://www.pwsphp.com/index.php?mod=forum&ac=voir&cat=9&id=5824&debut=0
http://auto.impuls.cz/index_archiv.php?clanek=5824
http://www.phpbuilder.com/lists/php3-list/200003/5824.php
http://emploi.anarvorig.com/demande2.php?id=5824
http://www.stickpage.com/vb/archive/index.php/t-5824.html
http://www.e-cremona.it/print.php?sid=5824
http://www.homelanfed.com/index.php?id=5824
http://www.annuvacances.com/detail.php?siteid=5824
http://www.trojaner-board.de/printthread.php?t=5824
http://www.discuz.net/member.php?action=list&srchmem=&order=regdate&admins=&page=18
http://www.unitedforpeace.org/calendar.php?calid=5824
http://www.osvdb.org/displayvuln.php?osvdb_id=5824
http://club.sohu.com/read_user.php?userCN=jingang5824@sohu
http://www.udvikleren.dk/vis_ui.php?id=5824
http://www.norphoto.com/r/m.php?p=5824
http://portal.unesco.org/ci/fr/ev.php-URL_ID=5824&URL_DO=DO_TOPIC&URL_SECTION=201.html
http://www.travelplanet.pl/index.php?dzial=czarter_h&akc=pokaz&oferta_id=614683
http://phpfaq.eai.jp/pukiwiki.php?ML%2F%CA%B8%BB%FA%BF%F4%C0%A9%B8%C2%A4%F2%A4%AB%A4%B1%A4%BF%A4%A4(textarea%2Fmaxlength)
http://hk.cl2000.com/?/artist/show_painting.php?id=5824&pid=1316
http://hk.cl2000.com/?/artist/show_painting.php?id=5824&pid=1316
http://warpspeed.4thdimension.de/modules.php?name=Downloads&d_op=viewdownload&cid=15
http://warpspeed.4thdimension.de/modules.php?name=News&warpspeed=172
http://www.ksop-cscp.si/stats.php?4
http://www.emoto.com/annonces/3.php?id=5824&p=&s=
http://www.hardlimit.com/forum/archive/index.php/t-5824.html
http://www.php-free.de/Umfragen/
http://www.evene.fr/popenvoi.php?u=/celebre/fiche.php?id_auteur=5824&topic=Laurent_Baffie
http://www.vegasstore.de/vegas/ep_cont/user/index.php?page_id=29&x_content=211,16&image=158_5824
http://www.interoptik.de/product_info.php?products_id=276
http://www.php.lt/konf-archive/5824.html
http://www.ksop-cscp.si/stats.php?3
http://www.hl-live.de/aktuell/text.php?id=5824
http://zoomserv.mls.ee/lvirumv/index.php?id=2&t_id=36&asutus_id=1&dok_id=438283
http://zoomserv.mls.ee/lvirumv/index.php?id=2&t_id=36&asutus_id=1&dok_id=438284
http://www.dirks-computerecke.de/catalog/product_info.php/cPath/16/products_id/6921
http://news.free-radio.de/pnews/b2trackbackpopup.php?p=5824&tb=1
http://www.meteodiario.it/segnadati.php?id=5824
http://archives.postgresql.org/pgsql-advocacy/2003-09/msg00053.php
http://archives.postgresql.org/pgsql-advocacy/2003-09/msg00051.php
http://www.jachtelektronik.de/shop/catalog/product_info.php?products_id=198
http://www.webhostlist.de/host/data/zuverlaessigkeit.php?aid=5824
http://www.cremonaweb.it/phpclassifieds/detail.php?siteid=5824
http://www.riedel-design.de/shop/shop/shopindex.php?artikel=5824
http://www.cerimes.education.fr/print_catalogue.php?a=5824&l=7
http://www.ocla.com/searchform_b.php?CATEGORYDESC=XEROX4
http://www.e-cremona.it/article.php?sid=5824
http://www.hardtofindauctions.com/9330/104395087.php
http://www.3g.co.uk/3GForum/archive/index.php/t-5824.html
http://www.wicca.com/celtic/forums/view_topic.php?id=5824&forum_id=&jump_to=113055
http://www.marketingtool.com/linktous.php?c_section=435&c_geography_row_id=5824
http://www.pcformat.co.za/modules.php?name=Forums&file=viewtopic&p=177424
http://www.playersparadise.net/song_detail.php?song_id=5824
http://www.php-free.de/Umfragen/more4.html
http://www.thrillnetwork.com/boards/archive/index.php/t-5824.html
http://ubuntuforums.org/archive/index.php/t-5824.html
http://www.roleplay-online.com/modules.php?name=Forums&file=viewtopic&p=5824
http://www.moviepostershop.com/display.php/10_1____1-5824.html
http://www.linux-es.org/Estadisticas_web/usage_200406.php
http://forum.armenianclub.com/archive/index.php/t-4378
http://www.simulation.dk/stats.php?3
http://rupestre.net/tracce_php/modules.php?name=Sections&op=viewarticle&artid=9
http://coranto.gweilo.org/forum/viewtopic.php?t=5824&view=previous
http://www.bitoek.uni-bayreuth.de/mik/en/mitarbeiter/mit/mitarbeiter_detail.php?id_obj=5824
http://photo.thetechzone.com/computers.php?photo=5824
http://cns.utmem.edu/faculty/P_Herron.php
http://science.box.sk/newsread.php?newsid=5824
http://www.wilderssecurity.com/archive/index.php/t-5824.html
http://www.stickpage.com/vb/showthread.php?t=5824
http://www.dolphinposters.biz/phpBB2/odp.php?browse=/Science/
http://www.nutsvolts.com/adlinks.php
http://www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=5854
http://tyr.ibms.sinica.edu.tw/haplotype/pattern.php?qby=set&setid=5824
http://e-stellarcomputers.com/modules/news/article.php?storyid=8
http://www.birdforum.net/showthread.php?t=5824
http://www.railwayscene.co.uk/image.php?imgref=306
http://www.whiteblaze.net/gallery/s...4/size/big/password/0/sort/1/cat/last1/page/1
http://www.whiteblaze.net/gallery/showphoto.php/photo/5824/password/0/sort/1/cat/last1/page/1
http://www.ashleemedia.net/displayimage.php?album=toprated&cat=0&pos=63
http://www.kickback2.co.uk/messageboards/view_topic.php?id=11140&forum_id=2
http://www.photoshoptechniques.com/forum/archive/index.php/t-5824.html
http://www.codingforums.com/showthread.php?p=255451
http://www.jcxp.net/forums/index.php?showtopic=627&view=getlastpost
http://gs3074.sp.cs.cmu.edu/gallery/view_photo.php?set_albumName=Algonquin-Camping&id=IMG_5824
http://www.politics.ie/modules.php?name=News&file=print&sid=5824
http://bfarber.com/index.php?showtopic=5796&view=new
http://www.gifttree.com/show.product.php?product_id=5824&version_id=1
http://patdb.ffii.org/sql/view.php?p=EP559975
http://www.syndic8.com/feedlist.php?ShowMatch=http://xml.newsisfree.com/feeds/24/5824.xml
http://pianoforum.net/smf/index.php/topic,5824.0.html
http://www.yabbforum.com/languages.php
http://forums.relicnews.com/archive/index.php/t-37046.html
http://e-stellarcomputers.com/modules/news/article.php?storyid=11
http://www.newbiehangout.com/odp.php?browse=/Science/
http://www.flashplayer.com/forum/archive/index.php/t-5824.html
http://www.techimo.com/photo/showphoto.php/photo/5824/sort/1/cat/all/page/1
http://www.lexusownersclub.co.uk/forum/index.php?showtopic=18460
http://www.luchtzak.be/modules.php?name=News&file=print&sid=5824
http://www.skichalets.co.uk/chalets.php?id=5824
http://www.science.ca/stats/usage_200402.php
http://www.ryanflannery.org/stats/usage_200410.php
http://www.gup.uni-linz.ac.at/webalizer/usage_200405.php
http://www.ldrc.ca/projects/stencils/sten_summary.php?showusersummary=5824
http://www.dailygusto.com/blog/archives/television/000132.php
http://www.photoshoptechniques.com/forum/archive/index.php/t-9100.html
http://www.luchtzak.be/modules.php?name=News&file=friend&op=FriendSend&sid=5824
http://ic2.epfl.ch/it/www/stat/results/Jul24.php
http://www.codingforums.com/showthread.php?p=178413
http://www.linuxquestions.org/questions/index.php?s=
http://dipastro.pd.astro.it/globulars/databases/snapshot/gcsnapshot.php?gcid=n5824
http://www.webwarrior.net/modules.php?op=modload&name=News&file=article&sid=5824
http://www.gelt.ws/displayimage.php?album=93&pos=12
http://linux-bangalore.org/stats/usage_200404.php
http://www.saints.org.uk/modules.php?name=dbgraphs&function=matchgraph&qstringseason=1994~95
http://www.gallarotti.net/4images/categories.php?cat_id=157
http://www.guardcentral.com/modules.php?name=News&file=print&sid=5824
http://www.seishin.cl/modules.php?name=Forums&file=viewtopic&p=5824&highlight=
http://www.cs.ualberta.ca/~chinook/databases/byslice/5.php
http://www.marketingtool.com/linktous.php?c_section=455&c_geography_row_id=5824
http://www.thedancegypsy.com/danceList.php?dance=dance-178:
http://www.wsta.net/html/modules.php?name=News&file=article&sid=185
http://www.wsta.net/html/modules.php?name=News&file=article&sid=137
http://forums.dealofday.com/showthread.php?goto=newpost&t=152454
http://nukeum66.us/index.php
http://www.xm411.com/phpbb/viewtopic.php?t=1705
http://www.xm411.com/phpbb/viewtopic.php?p=205047
http://simflight.com/modules.php?name=News&file=article&sid=5824
http://www.allfordmustangs.com/phot...5824/password/speedpass/sort/1/cat/556/page/1
http://www.allfordmustangs.com/photopost/showphoto.php/photo/5824
http://www.upatsix.com/stats/usage_200108.php
http://www.syndic8.com/feedlist.php?ShowMatch=http://xml.newsisfree.com/feeds/13/9013.xml
http://www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=5824
http://www.youthontherock.com/viewtopic.php?p=5824
http://www.collective-zine.co.uk/modules.php?name=Forums&file=viewtopic&t=5824
http://www.aircraftbraking.com/DOC_Download.php?doc_name=training_info.pdf
http://forum.digitalspy.co.uk/board/showthread.php?t=175270&page=3&pp=25
http://about.pricegrabber.com/search_attrib.php/page_id=1664/view_all=1
http://www.reslife.rochester.edu/graduate/welcome.php
http://worldwideforum.net/index.php?s=&act=ST&f=2&t=68086
http://www.nodedb.com/europe/index.php
http://www.fansfocus.com/forum/showflat.php/Cat/0/Number/385406/Main/381094/
http://www.nvnews.net/vbulletin/showthread.php?t=8972&page=9
http://www.linuxforum.com/forums/index.php?showtopic=116610
http://www.saints.org.uk/modules.ph...ayer&num=15166&namefor=Andrew&namesur=Dannatt
http://www.abyat.com/top_views_qs.php
http://forums.hardwarezone.com/showthread.php?t=873630
http://www.shokk.com/modules.php?name=Webalizer&op=usage_200412.html
http://www.harktheherald.com/springville/modules.php?op=modload&name=News&file=article&sid=2934

 

[Mohsen_Spy]

معذرت مي خواهم اين همه طولاني شد فقط خواستم بدونيد كه اين نتيجه اسكن كردن كمتر از 1 دقيقه اي اين كرم هست ... حالا نگاه كنيد كه چند تا از اين ها phpBB هستن ...!؟

 

[4shir]

سلام من حواسم نبود توي سايت خودمون گفتم اين رو همون روز اول هم گفتم نصف سايتهاي كه زده شدن زيرشون نوشته بودpowerd bye invison board و جالب تر در مورد نحوه فعاليت اين ورم اين هست كه نه تنها يك اكسپوليت خاص بلكه تعدادي از اكسپوليتهاي مختلف رو تست ميكنه چيز جالب ترش هم اينكه من نميدونم چط.ر ايندكسها رو دليت ميكنه و خودش رو جايگزين