For the curious (but lazy)... cap.txt is CVE-2006-3773 exploit

Posted Oct 12, 2006 17:53 UTC (Thu) by frazier (guest, #3060)
In reply to: For the curious (but lazy)... cap.txt is CVE-2006-3773 exploit by samj
Parent article: Remote file inclusion vulnerabilities

Thanks for the breakdown on this.

I use SMF standalone (no Joomla) and was wondering how this exploit worked.

Using search engines to find message boards for evil is common. I get an average of 3+ fake member registrations a day. The exploit here is simple: Post spam on the message board. For about 3 years I had my board to where anyone could post without approval, but in the last 6 months it escalated to the point of stupidity, so now I have to approve people. A shame.

Here's one of many spammed over boards out there (there's some sex spam on there along with insurance, gambling, drugs, and more):
http://wrfl881.org/forum/viewtopic.php?t=123&postdays...

That's page 1932, and all the spam on that (and some other pages) was added today.

That poor board has been drilled. It is linked directly from their home page:
http://wrfl881.org/

-Brock