[Typo3-dev] Santy.a Worm and Typo3 3.5
Luc de Louw
luc.delouw at bit-heads.ch
Wed Dec 22 22:37:15 CET 2004
Jim Neumann wrote:
> Has anybody seen the issue with phpBB and the Santy.a Worm? I have three
> questions:
>
> 1. Is Typo 3.5 vunerable to this worm?
AFAIK no[1]
> 2. Is Typo 3.5 compatible with php 4.3.10 (which closes the door to this
> worm)?
yes
> 3. Is Typo 3.7.0 vunerable to this worm?
AFAIK no[1]
[1] The Santy worm is searching trough google for "viewtopic.php" (a
specific phpBB code which allows the "highlight-expoit"). Google bocked
that kind of search as today.
To investigate further, please see the exploits source code:
http://www.k-otik.com/exploits/20041222.sanityworm.pl.php
HTH
rgds
Luc
--
Luc de Louw
bit-heads GmbH
Rebbergstrasse 81
CH-8049 Zurich
Switzerland
Web: http://www.bit-heads.ch
Local Phone: +41 43 534 09 00
Mobile +41 76 430 80 31
Germany: +49 30 868 706 861
Austria: +43 1 962 71 44
USA: +1 360 226 80 37
UK: +44 870 06 82 321
More information about the TYPO3-dev
mailing list