Rapid7 Vulnerability & Exploit Database

Past compromise with file injection in phpBB

Back to Search

Past compromise with file injection in phpBB

Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
05/11/2008
Created
07/25/2018
Added
05/13/2008
Modified
12/04/2013

Description

The web site has been compromised using XSS injection attacks to redirect visitors to a fake codec download site which distributes a piece of malware known as DNSChanger, part of the Zlob trojan family. As of May 11, 2008 more than 400,000 sites appear to have been compromised. All of them run the phpBB forum software which indicates the attack may have exploited a known or unknown XSS vulnerability in phpBB.

The XSS injection hack manifests itself as an HTML <script> tag pointing to a file named "f.js" hosted on domains such as "free.hostpinoy.info" and "xprmn4u.info".

Solution(s)

  • spider-fix-mass-phpbb-file-injection

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;