I’m no security expert, but I think what he did was he uploaded an avatar with a PHP code inside it, found a server/script exploit and ran it. I opened up the avatar (after looking for it for hours) and found this code (see below screenshot). Then he launched the attack from there appending malicious links on a file that is being included everytime SMF draws a page.

A quick Diff on SMF’s base files and our SMF files revealed that a new readme.php was created. And it contained the following:

Decoding that garbled texts reveals that readme.php was run on the browser and that was the main cause of appending links on the Settings.php.

I am still baffled by the fact that some people would do such things. Disrupt service for profit? Well, as for  krisbarteo, yes you’ve succeeded in doing that. Then what? Happy now? If you only have used that smarts and skills on the good stuff, you’d probably be rich by now.

To all PHPugers, we hope that this thing doesn’t happen again even if we all know that the Internet isn’t safe from these crackers. It’s all good. For now.

Login to PHPUGPH now and grab the exclusive promo code. Hurry! This offer expires October 31, 2008 is extended till the end of the year!

Date: August 7, 2008 (Thursday)
Time: 7:30 AM – 5:00 PM
Venue: Isla Ballroom, Tower Wing, EDSA Shangrila

Globe Labs is a new organization within Globe Telecom whose mission is to help bring in the newest future technology services at the earliest market-relevant time. We explore new and future technologies, and partner with developers to create new Internet, wired and wireless applications.

What Globe have in store for you: Learn, Build, Compete and Succeed

• Discover the different opportunities with Globe Labs
• Learn how to use Telco tools and various development platforms to build innovative applications
• Join the Globe Labs Challenge and compete amongst the best

PHP User Group Philippines, Inc., being one of the institution partners of Globe Labs, has been given 200 SLOTS for this upcoming big event.

We are inviting PHPUGPH members to attend. T-SHIRTS designed for PHPUGPH would be given away as freebies plus exciting raffle prizes awaits you…

***FIRST 300 individual registrants gets a GIFT***

Below are some links of articles regarding the event:
From Businessworld (Entreprenews)
http://entreprenews.com.p…in.php?id=062508.gonzalez
From the Inquirer:
http://technology.inquire…gets-3G-mobile-developers
From the Manila Times:
http://www.manilatimes.ne…htimes/20080627tech5.html
From Manila Bulletin:
http://www.mb.com.ph/INFO20080627128372.html
From PCWorld:
http://www.pcworld.com.ph…5&ID=H,485,PWP,PWP-16
From Yugatech:
http://www.yugatech.com/b…pens-globe-labs-division/
From Globe Labs website:
http://www.globelabs.com…./News/Forms/AllItems.aspx

More information here

Scrawlr, short for SQL Injector and Crawler will crawl your website and will analyze the parameters of each individual pages for SQL injection vulnerabilities. Very useful tool for small to medium sized websites. Free for the first 1,500 pages.

From HPs website:

Technical details for Scrawlr

• Identify Verbose SQL Injection vulnerabilities in URL parameters
• Can be configured to use a Proxy to access the web site
• Will identify the type of SQL server in use
• Will extract table names (verbose only) to guarantee no false positives

Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool

• Will only crawls up to 1500 pages
• Does not support sites requiring authentication
• Does not perform Blind SQL injection
• Cannot retrieve database contents
• Does not support JavaScript or flash parsing
• Will not test forms for SQL Injection (POST Parameters)

It’s worth trying out.

–aj