Worm "Santy.C" problem for TikiWiki?

posts: 7 Austria

I've a question about "Santy.C"

Santy.C is a worm attaking sites written in PHP.
A discription of the worm can be found here
Is this worm a security risk for TikiWiki too?

posts: 49 Uruguay
AFAIK that worm, more than target PHP, it targets phpbb, exploiting a php vulnerability, so that particular worm should not be a problem for TikiWiki, but, anyway, you should upgrade your php to prevent some manual exploit.
posts: 7 Austria

I think you're talking about Synty.A.
But there are two new , more aggressive versions!

posts: 2881 United Kingdom

It could be used against most PHP applications including TikiWiki and TikiPro

Damian santa

posts: 6 United States

Just to clarify.... based on the given info about the worm:
"It targets ANY .PHP page/script vulnerable to a remote file inclusion
(programming) flaw these vulnerabilities are independent from the PHP version, they result from common coding mistakes"

TW does, in fact, have these "common coding mistakes" in there by default?

Is there a certain string I can grep for to try and help commit some fixes?

Or, damian, do you mean that if a user took the codebase and added their own custom code/plugins, they can open themselves up to attack?

posts: 2881 United Kingdom

Im not sure on a specific string to grep for.

Any modifications made by a user could well open it up, I mean there is no-way we could ever protect against changes made by the user.

A concern is the amount of places which need to be open as Apache writable. And basically all compiled Smarty templates in templates_c are basically .php files. It might be interesting to also raise this with the Smarty dudes.


Upcoming Events

No records to display

Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.