Mediawiki worm
Jun. 20th, 2007 07:45 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
backermanSomething's running around pwning either Mediawiki sites (symbianwiki.com in this instance) or PHP in general and inserting a 1x1 IFRAME before the !DOCTYPE header in each response; the browser exploit is hosted on a site that's been taken offline, but I'm assuming it's yet another attack against the trillions of Windows boxes that still haven't been patched with six months ago's patch cluster.
I'm not sure if it's a known attack or not, so am doing a brief writeup for ISC now. I'm from the government, and I'm here to help you.
I'm not sure if it's a known attack or not, so am doing a brief writeup for ISC now. I'm from the government, and I'm here to help you.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-06-21 09:22 pm (UTC)