Dear Nick FitzGerald, --Monday, January 14, 2008, 2:52:23 PM, you wrote to full-disclosure@lists.grok.org.uk:
NF> Ummmm -- the only part of that likely to be relevant here is the last. NF> These kinds of web page "compromises" are typically achieved through NF> bad/ill-configured/non-updated server-side web applications (or NF> their underlying script engines) and are typically achieved without NF> requiring any more special or privileged access to the victim sites NF> than the ability to run a clever Google search or your own NF> brute-force spidering via a bot-net, etc. During last few months, we monitor mass infection attempts through stollen FTP passwords. Yes, web exploitation scenario is also possible. These are automated exploitation requests received during a single day: http://securityvulns.com/files/exprequests.txt In this case there is a quick workaround (and also a good security practice) of disabling write access for web server account. Of cause, investigation is required anyway. -- ~/ZARAZA http://securityvulns.com/ Всегда будем рады послушать ваше чириканье (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/