[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] php.net compromised and php source backdoored

To: sec yun <root@xxxxxxxxxx>
Subject: Re: [Full-disclosure] php.net compromised and php source backdoored
From: Benji <me@xxxxxxxxx>
Date: Fri, 18 Mar 2011 14:03:48 +0000

Happened 3 months ago;

http://bjori.blogspot.com/2010/12/php-project-and-code-review.html

One could theorize that same user used same password for the wiki and had
file upload permissions. Worrying that PHP.net didn't do a review everything
that account could access.

On Fri, Mar 18, 2011 at 10:27 AM, sec yun <root@xxxxxxxxxx> wrote:

> Hi
>
> Someone report a security incident about php.net
>
> http://www.wooyun.org/bugs/wooyun-2010-01635
>
> The picture show that some php.net site was compromised,and hacker
> backdoored php source
>
> :)
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] php.net compromised and php source backdoored
  - From: Jacky Jack

References:
- [Full-disclosure] php.net compromised and php source backdoored
  - From: sec yun

Prev by Date: [Full-disclosure] OWASP AppSec USA 2011 Call For Papers
Next by Date: [Full-disclosure] libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
Previous by thread: [Full-disclosure] php.net compromised and php source backdoored
Next by thread: Re: [Full-disclosure] php.net compromised and php source backdoored
Index(es):
- Date
- Thread