They might have used an apache user discosure bug
that allows you to check user names vs. passwords.. I think it's made by w00w00.
It will check the user names and passes, if it finds one that works it will
login via FTP to make sure.
|
- [Full-Disclosure] Apache 1.3.29 VeNoMouS
- Re: [Full-Disclosure] Apache 1.3.29 Jarrod SMith
- Re: [Full-Disclosure] Apache 1.3.29 d4rkgr3y
- Re: [Full-Disclosure] Apache 1.3.29 Jarrod SMith
- Re: [Full-Disclosure] Apache 1.3.29 Cedric Blancher
- Re: [Full-Disclosure] Apache 1.3.29 bart2k