PHP Security vulnerability
I am not a webmaster or IT, but I wanted to bring this to your attention. I was told this is the best place to alert webmasters
of a potential problem.
I am an administrator at http://www.itshappening.com
My particular area is the Alneda thread. We track down and follow Jihad websites and forums. One such site you may have heard of is Alneda.com
It was originally thought to be an Al-Qaeda communication portal.
Well they no longer own it, our site owner, Jon Messner does.
Here's an artical on that:
http://www.cnn.com/2002/US/08/08/porn.patriot/
What I want to bring to your attention is the fact that these guys have been unable to establish a domain for themselves, so they are invading sites to post their news. They always seem to upload their site to an image directory.
This is how one of our members believes they are doing it:
AQ: Currently, they are exploiting a known PHP exploit...
The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.
PHP contains code for intelligently parsing the headers of HTTP POST requests. The code is used to differentiate between variables and files sent by the user agent in a "multipart/form-data" request. This parser has insufficient input checking, leading to the vulnerability.
The vulnerability is exploitable by anyone who can send HTTP POST requests to an affected web server. Both local and remote users, even from behind firewalls, may be able to gain privileged access.
Furthermore, Both local and remote users may exploit this vulnerability to compromise the web server and, under certain conditions, to gain privileged access. So far only the IA32 platform has been verified to be safe from the execution of arbitrary code. The vulnerability can still be used on IA32 to crash PHP and, in most cases, the web server.
The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix for the vulnerability. All users of affected PHP versions are encouraged to upgrade to this latest version.
If you have any input on this subject, it would be greatly appreciated. I have started a thread on our site about this issue.
http://www.itshappening.com/showthre...&threadid=4005
Maybe we are wrong about this. But it can't hurt to play it safe.
I just wanted to bring this to your attention.
Sincerely,
Al-Qaeda Hunter
