|Michael Lazin on 27 Apr 2009 15:54:29 -0700|
Hi, I recently discovered that one of our customer's databases was overloaded and abused, it appears to be due to a joomla fireboard vulnerability. I found this log entry that definitely looks suspicious, although I'm not sure this is definitely the hack. I've replaced the domain name with x's to protect the vulnerable
access.log.16.gz:184.108.40.206 - - [16/Apr/2009:02:01:13 -0400] "POST /adminis
trator/index2.php HTTP/1.1" 200 142884 www.xxx.com "http://www.xxx.com/a
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Alexa Toolbar)" "-"
I did a cursory search for Joomla Fireboard SQL injection vulnerabilities and found nothing. IMHO joomla is crap, I see it cracked all the time, but I am interested in this because I see SQL injection attacks more commonly on M$ servers, and I haven't found any documentation on this particular exploit. Anyone know where I should look for fireboard vulnerabilities or where I should post to if this turns out to be something new?
ASCII ribbon campaign ( )
against HTML e-mail X
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug