For the curious (but lazy)... cap.txt is CVE-2006-3773 exploit
Posted Oct 12, 2006 17:53 UTC (Thu) by frazier
In reply to: For the curious (but lazy)... cap.txt is CVE-2006-3773 exploit
Parent article: Remote file inclusion vulnerabilities
Thanks for the breakdown on this.
I use SMF standalone (no Joomla) and was wondering how this exploit worked.
Using search engines to find message boards for evil is common. I get an average of 3+ fake member registrations a day. The exploit here is simple: Post spam on the message board. For about 3 years I had my board to where anyone could post without approval, but in the last 6 months it escalated to the point of stupidity, so now I have to approve people. A shame.
Here's one of many spammed-over boards out there (there's some sex spam on there along with insurance, gambling, drugs, and more):
That's page 1932, and all the spam on that (and some other pages) was added today.
That poor board has been drilled. It is linked directly from their home page: