Rapid7 Vulnerability & Exploit Database

Perl.Santy infection found

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/27/2004
Created: 07/25/2018
Added: 12/27/2004
Modified: 12/04/2013

Description

The system was found to be infected with the Perl.Santy worm. This is a worm written in Perl that exploits an input validation problem in the PHP bulletin board software phpBB. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised web server. All web servers running versions of the phpBB 2.x bulletin board prior to 2.0.11 are vulnerable to this exploit.

This particular worm writes itself to a file named "m1ho2of" on the system. It then overwrites all files ending with .htm, .php, .asp, .shtm, .jsp, and .phtm, replacing them with the HTML content:

              This site is defaced!!.
              NeverNoSanity WebWorm generation X

It then propagates further by using Google as a search tool to look for more such systems.
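
The indicators described above (the dropped "m1ho2of" file and the defacement text) can be checked for on a web root. The following is an added example, not Rapid7's check: the function names, the 4 KB read limit, and the prefix match on extensions (so .html, .shtml and .phtml are also covered) are assumptions, and the sample web root is constructed.

```python
import os
import tempfile

# Indicators taken from the description above.
DROPPED_FILE = "m1ho2of"
DEFACE_MARKERS = (b"This site is defaced", b"NeverNoSanity WebWorm generation")
TARGET_EXTS = (".htm", ".php", ".asp", ".shtm", ".jsp", ".phtm")


def scan_webroot(root, max_read=4096):
    """Return (dropped, defaced): paths of worm copies and overwritten pages."""
    dropped, defaced = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip sockets, FIFOs, broken symlinks
            if name == DROPPED_FILE:
                dropped.append(path)
                continue
            ext = os.path.splitext(name)[1].lower()
            # Assumption: prefix match, so .html/.shtml/.phtml are checked too.
            if not ext.startswith(TARGET_EXTS):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_read)
            except OSError:
                continue  # unreadable file, nothing to inspect
            if any(marker in head for marker in DEFACE_MARKERS):
                defaced.append(path)
    return sorted(dropped), sorted(defaced)


def build_sample_webroot(root):
    """Create a constructed web root with one worm copy and two defaced pages."""
    deface = b"<HTML>This site is defaced!!. NeverNoSanity WebWorm generation X</HTML>"
    samples = {"forum/index.php": deface, "static/about.html": deface,
               "forum/viewtopic.php": b"<?php echo 'clean page'; ?>",
               "notes.txt": deface,  # marker text, but not a targeted extension
               DROPPED_FILE: b"# constructed placeholder, not worm code\n"}
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_webroot(sample_root)
        print(scan_webroot(sample_root))
```

A hit on either list indicates the host should be treated as compromised; restoring pages alone does not remove the phpBB flaw that allowed the infection.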

Solution(s)

  • http-perl-santy
  • http-phpbb-input-validation-problem
