Re: lug-bg: httpd secirity

Tue, 10 Jun 2003 01:07:36 -0700 

On Mon, 09 Jun 2003 20:49:53 +0300 (EEST)
LazCorp <[EMAIL PROTECTED]> wrote:

> цитирам  Stefan Gurdev <[EMAIL PROTECTED]>:
> 
> > Vurzan sum kum City Lan mreja. Prez nqkolko dni edin ot hostovete v
> > mrejata neshto si igrae s men. Eto log faila na apache-to:
> > 
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET ///quote.html 
> HTTP/1.0"
> > 404 272 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
> > /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%
> 00
> > HTTP/1.0" 404 279 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/dcboard.cgi
> > HTTP/1.0" 404 0 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
> > /cgi-bin/nph-maillist.pl HTTP/1.0" 404 283 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
> > /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
> 00&action=view&matchview=1
> > HTTP/1.0" 404 280 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
> > /cgi-bin/ustorekeeper.pl?
> command=goto&file=../../../../../../../../../../etc/passwd
> > HTTP/1.0" 404 283 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/ikonboard/
> > HTTP/1.0" 404 0 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /foldoc/ HTTP/1.0" 
> 404
> > 0 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-bin/adcycle/
> > HTTP/1.0" 404 0 "-" "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "GET
> > /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 277 "-"
> > "-"
> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-
> bin/bbs_forum.cgi
> > HTTP/1.0" 404 0 "-" "-"
> > 
> > 
> > Predpolagam hosta 192.168.1.3 e zarazen s nqkakuv virus, no vse pak 
> nqkoi
> > imal li e podoen problem s tova neshto. Vuzmojno li e tova da e exploit
> > ili neshto ot tozi sort!!!
> > 
> > Blagodarq predvaritelno!!!
> > 
> > P.S: Znam che nivoto v tozi mail group e mnogo visoko. Tozi posting moje
> > bi ne e za tuk, pisah v nqkoi forumi no taka i ne poluchih kompetenten
> > otgovor!
> > 
> > S uvajenie, Stefan!
> > 
> 
> /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00
> /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
> 00&action=view&matchview=1
> /cgi-bin/ustorekeeper.pl?
> command=goto&file=../../../../../../../../../../etc/passwd
> 
> Potrebitelq ot tozi host se opitwa da hakne Apache-to ti
> Nqma kakwo da se symnqwash w towa!!!
> Prawi opiti s s powecheto izwestni bygowe na Apache.
> ../../../../../../../../../../../../ -  s towa se podsiurqwa che shte 
> otide w glawnata papka /
> posle utiwa e /etc/passwd i se opitwa da iwede parolite ti

/etc/passwd? paroli? horata ot godini polzvat shadow prijateliu.


> chesno kazano towa e edin ot nai naludnichawite nachini za hakwane...

naludnichav? tova bi bilo standarten brute force. Nishto naludnichavo njama.dumb e 
dumata ;-)

za 
> da ti dekriptira pass (oswen ako ti ne si slojil nqkoq smeshna parola) 
> ili da izpolzwa baza danni ot kriptirani pasowe i da srywnqwa..mislq che 
> wseki znae za tezi programki :)
> mislq che ako si slagash dobri stabilni pasowe na  mashinata nqma da 
> imash nikakwi problemi nito da se pritesnqwash ot podobni nachinaniq.

Spored men *trjabva* da se pritesnjavame/te ... problemite s directory traversing
ne vodjat samo do "naludnichavo crackvane". "One shell eq one root"
Po-dobre si drysh up-to-date apache-to, otkolkoto da:

> i wse pak mojesh da adnesh edno prawilo wyw firewall-a si da dropish 
> zaqwkite ot tozi kompiutar :)))))

IP-tata se menjat, skanirashtite ne izchezvat...reshavaite po-principno neshtata
plz.

P.S: ne vjarvam da e virus ;-)

> Играй и спечели Автомобилен Салон София 2003 - http://auto.dir.bg

Otkoga mechtaja da go spechelja toja celijat salon ;-)))

> -------------------------------------------------------------------
> Направи си адрес в mail.bG - http://mail.bg/new/
> 
> ============================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ============================================================================


-- 
"Life is short - pray hard."

Man is certainly stark mad: He cannot make a flea,
yet he makes gods by the dozens. - Montaigne

--------------------------------------------------------
Public PGP key at: http://www.fadata.bg/pgp/micropgp.asc
--------------------------------------------------------

Attachment: pgp00000.pgp
Description: PGP signature

  • ... Stefan Gurdev
    • ... Борис Йорданов
    • ... LazCorp
      • ... Peter An. Zyumbilev
      • ... Plamen Tonev
    • ... Stefan Gurdev
      • ... Politik Politik
        • ... Борис Йорданов

Reply via email to