Honeypot Compromises II Analysis
On May 7th 2006 our Red Hat 8.0-based honeypot was attacked and successfully compromised through a vulnerability in an installed web application, phpAdsNew. The vulnerability allows a remote attacker to execute arbitrary commands on the victim host with the privileges of the web server. The flaw is due to an unspecified error in the XML-RPC library for PHP. It was first discovered in July 2005 and affects all phpAdsNew versions up to 2.0.5. The full analysis was written by Jan Göbel during his thesis work.