Results 1 to 5 of 5

Thread: Santy Worm - Aims at PHP Sites

  1. #1
    Join Date
    Aug 2002
    Posts
    1,236
    Rep Power
    0

    Default Santy Worm - Aims at PHP Sites

    The newest version of the Santy Worm, Santy.e, is threatening more web sites which use PHP scripting to produce dynamically database generated pages. The Santy Worm first surfaced last week, targeting sites which use the phpBB bulletin board/forum service.

    http://www.searchenginejournal.com/index.php?p=1190

    It's looking like other php based sites are vunerable. You will need to be careful about how you use requre() and include() statements.
    Zope, Linux, Web, Intranet
    www.plone.org

  2. #2
    Join Date
    Jul 2002
    Posts
    5,446
    Rep Power
    10

    Default Re: Santy Worm - Aims at PHP Sites

    Thanks for the heads up
    Team Leader
    TechJamaica.com

  3. #3
    Join Date
    Aug 2004
    Posts
    76
    Rep Power
    0

    Default Re: Santy Worm - Aims at PHP Sites

    Well this expected as PHP is most common web development lang.

  4. #4
    Join Date
    Jul 2002
    Posts
    818
    Rep Power
    0

    Default Re: Santy Worm - Aims at PHP Sites

    For some insight as to how a worm like this could function take a gander at this thread:

    http://www.techjamaica.com/forums/showthread.php?t=2153

    Use of the 'require()' and 'include()' function with form variables and query string values can be VERY dangerous.
    -I didn't spel chek.
    The stuff I do

  5. #5
    Join Date
    Feb 2003
    Posts
    3,184
    Rep Power
    0

    Default Re: Santy Worm - Aims at PHP Sites

    php released a statement
    http://www.php.net/security-note.php

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •