Month of PHP Bugs: 31 days, 44 vulns

The result of Month of PHP Bugs (aka MoPB) was 44 separate vulnerabilities. There were ‘only’ 31 days in March.

The project page states that PoC/Exploit for MOPB-38-2007 - MOPB-44-2007 is coming “Soon”.

  • http://www.hardened-php.net Stefan Esser

    Sorry for the coming soon thing…

    The sections usually already come with an example that demonstrates the exploit, and with a little work most of the exploits are straightforward.

    However, at the end of the MOPB I got a little bit ill, and therefore the texts got shorter and exploits are missing.

    Yeah “The Return of the MOPB” will be better prepared…

  • Cail

    SPI Dynamics did a mid-month and full month review of MOPB, along with some stats and other related PHP security stuff (like why there are so many phpinfo.php files scattered about the Internet). You can read it at:
    http://portal.spidynamics.com/blogs/jeff/archive/2007/04/03/The-current-state-of-PHP-security-_2800_w_2F00_-MOPB-full-review_2900_.aspx

  • http://www.hardened-php.net Stefan Esser

    You should not trust commits by the PHP Security Team.

    The “FIX” for mb_parse_str() is not a fix at all. It might stop the supplied exploit but it does not fix the problem at all.

  • http://networksecurity.typepad.com/ Juha-Matti

    Thanks for sharing the additional information!
    The main point in the entry was to summarize the overall number of vulnerabilities handled.
