[Full-disclosure] phpbb blend portal and activity mods at risk

["ad@xxxxxxxxxxxxxxxx" <ad@xxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I have got this email today and it should be more than useful also
forwarded on FD:

- ---------------------------------------------------------------quoting
austin-----


It has come to my attention that Blend has a security issue. If you have
Blend Portal System OR Activity Mod installed, please disable your board
or uninstall these mods for the time being and do the file edit that I
have listed below. Here are a list of IPs that you need to ban from your
site as well.



85.107.151.110, 84.112.100.97, 84.112.100.97, 200.112.130.69,
87.97.213.154, 211.66.110.157, 201.29.218.185, 195.93.60.97,
202.133.82.69, 70.136.76.25, 212.104.107.114, 157.142.200.121,
200.243.242.123, 166.111.249.39, 85.104.25.166, 85.14.214.4



These are known IPs that have used a script to infect sites with trojans
via a file in blend.

Open:

blend_data/blend_common.php



FIND



define('BLEND_DATA_PATH',         'blend_data/');



BEFORE, ADD



if (!defined('IN_PHPBB'))

die('Hack Attempt');



CLOSE & SAVE



I will release a fix for these issues ASAP.



I apologize for this huge inconvenience.


- ---------------------------------------------------------------quote
end-----




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)
 
iD8DBQFEer/zFJS99fNfR+YRAvpdAJ9oPW2ybD2z0PdOTW+SGPE9JLmQ8QCdGT78
nqqqrR0IY3g9QAu9P+I5zqI=
=Fnxy
-----END PGP SIGNATURE-----

begin:vcard
fn:Arnaud Dovi / Ind. Security Researcher
n:Dovi;Arnaud
email;internet:ad@xxxxxxxxxxxxxxxx
tel;work:Independent Security Researcher
version:2.1
end:vcard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/