http://forum.weborum.com/index.php?showtopic=4709
Apparently, according to http://www.neowin.net/forum/index.php?a ... 9&t=476942, this http://www.milw0rm.com/exploits/1720 is the exploit used.
The script attacks IPB up to v 2.1.5 but it could be improved to attack 2.1.6 also. The perl script can be locally executed (you just need a Perl environment in your system): it adds a post with a user account specifically added to begin the attack; the script then adds a new post with strange characters and finally it enables a remote shell. The hacker that attacked us placed a WGET command to upload a web shell (r57shell.php) that gives full control over the server, so he was able to modify the index.php file of any web application he found on our server.
http://forums.invisionpower.com/index.p ... pic=220787
Additional info: this kind of attack uses the Invision folders that need to be chmod 0777 like /uploads or similar.
Seems I've found a solution but I dunno,
http://forums.invisionize.com/index.php ... pic=107874
Last EDIT: FLIPPIN HECK!!!!! it seems they could do more than just put it on the forums, but they could send out some mass e-mail with a link in it according to http://www.wilderssecurity.com/showthread.php?t=121808
Maybe it would be a good idea to switch to SMF or PhpBB as much as I hate those two systems...
Ok another edit:::
IT'S THE GOD DAMN BLOODY TURKS THAT KEEP HITTING OUR IRC NETWORK WITH FLAMING SPAM http://www.bakakage.net/index.php?showt ... ode=linear Seems they moved on to webservers now, the pr@s
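The post above notes that the attack relies on Invision folders that must be chmod 0777, such as /uploads, and that a web shell was fetched onto the server. As an added example (not part of the original post), this Python audit lists world-writable directories under a web root and any server-executable script files inside them; the extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed list of extensions a PHP/CGI-enabled server may execute; adjust to your handler config.
SCRIPT_EXTS = {"php", "phtml", "php3", "php4", "php5", "pl", "cgi"}


def is_script(name):
    # Check every dotted component after the first: some Apache handler
    # configurations also execute names such as "avatar.php.jpg".
    return any(part in SCRIPT_EXTS for part in name.lower().split(".")[1:])


def audit_webroot(root):
    """Return (world_writable_dirs, scripts_inside_them) as sorted paths relative to root."""
    writable, scripts = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not os.lstat(dirpath).st_mode & stat.S_IWOTH:
            continue  # directory is not world-writable, nothing to report
        writable.append(os.path.relpath(dirpath, root))
        for name in filenames:
            if is_script(name):
                scripts.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(writable), sorted(scripts)


def build_sample_tree():
    """Constructed sample: a 0777 uploads/ folder and a 0755 sources/ folder with empty files."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = {
        "uploads": (0o777, ["photo.jpg", "dropped.php", "avatar.php.jpg"]),
        "sources": (0o755, ["index.php"]),
    }
    for folder, (mode, files) in layout.items():
        path = os.path.join(root, folder)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod, because mkdir's mode is masked by the umask
        for name in files:
            open(os.path.join(path, name), "w").close()
    return root


if __name__ == "__main__":
    dirs, found = audit_webroot(build_sample_tree())
    print("world-writable directories:", dirs)
    print("script files inside them:", found)
```

Anything it reports under an upload folder deserves a look, and such folders are better served with script execution disabled in the web server configuration.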

