|
|
Re: Re: lug-bg: httpd secirity
- Subject: Re: Re: lug-bg: httpd secirity
- From: steve_lug@email.domain.hidden (Stefan Gurdev)
- Date: Tue, 10 Jun 2003 00:11:33 +0300 (EEST)
Tova sus sigornost e nqkakva programa za ataka na apache web server, zashtoto sa izvursheni mnogo operacii za edna secunda, koeto ruchno ne moje da stane. Interesnoto e zashto toq scapan exploit tursi faila /etc/passwd Ot nego nai mnogo da nauchi istinskoto mi ime. Absoliutno e sigorno che edva li ima nqkoi koito da ne izpolzva shadows password!!! :)
<p><p><em class="quotelev1"> >-------- Îðèãèíàëíî ïèñìî --------
<em class="quotelev1"> >Îò: LazCorp <lazcorp_at_mail.bg>
<em class="quotelev1"> >Îòíîñíî: Re: lug-bg: httpd secirity
<em class="quotelev1"> >Äî: lug-bg_at_linux-bulgaria.org
<em class="quotelev1"> >Èçïðàòåíî íà: Ïîíåäåëíèê, 2003, Þíè 9 20:49:53 EEST
<em class="quotelev1"> >----------------------------------
<em class="quotelev1"> >
<em class="quotelev1"> >öèòèðàì Stefan Gurdev <steve_lug_at_abv.bg>:
<em class="quotelev1"> >
<em class="quotelev2"> >> Vurzan sum kum City Lan mreja. Prez nqkolko dni edin ot hostovete v
<em class="quotelev2"> >> mrejata neshto si igrae s men. Eto log faila na apache-to:
<em class="quotelev2"> >>
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET ///quote.html
<em class="quotelev1"> >HTTP/1.0"
<em class="quotelev2"> >> 404 272 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2"> >> /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%
<em class="quotelev1"> >00
<em class="quotelev2"> >> HTTP/1.0" 404 279 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/dcboard.cgi
<em class="quotelev2"> >> HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2"> >> /cgi-bin/nph-maillist.pl HTTP/1.0" 404 283 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2"> >> /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
<em class="quotelev1"> >00&action=view&matchview=1
<em class="quotelev2"> >> HTTP/1.0" 404 280 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2"> >> /cgi-bin/ustorekeeper.pl?
<em class="quotelev1"> >command=goto&file=../../../../../../../../../../etc/passwd
<em class="quotelev2"> >> HTTP/1.0" 404 283 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/ikonboard/
<em class="quotelev2"> >> HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /foldoc/ HTTP/1.0"
<em class="quotelev1"> >404
<em class="quotelev2"> >> 0 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-bin/adcycle/
<em class="quotelev2"> >> HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "GET
<em class="quotelev2"> >> /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 277 "-"
<em class="quotelev2"> >> "-"
<em class="quotelev2"> >> 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-
<em class="quotelev1"> >bin/bbs_forum.cgi
<em class="quotelev2"> >> HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2"> >>
<em class="quotelev2"> >>
<em class="quotelev2"> >> Predpolagam hosta 192.168.1.3 e zarazen s nqkakuv virus, no vse pak
<em class="quotelev1"> >nqkoi
<em class="quotelev2"> >> imal li e podoen problem s tova neshto. Vuzmojno li e tova da e exploit
<em class="quotelev2"> >> ili neshto ot tozi sort!!!
<em class="quotelev2"> >>
<em class="quotelev2"> >> Blagodarq predvaritelno!!!
<em class="quotelev2"> >>
<em class="quotelev2"> >> P.S: Znam che nivoto v tozi mail group e mnogo visoko. Tozi posting moje
<em class="quotelev2"> >> bi ne e za tuk, pisah v nqkoi forumi no taka i ne poluchih kompetenten
<em class="quotelev2"> >> otgovor!
<em class="quotelev2"> >>
<em class="quotelev2"> >> S uvajenie, Stefan!
<em class="quotelev2"> >>
<em class="quotelev1"> >
<em class="quotelev1"> >/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00
<em class="quotelev1"> >/cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
<em class="quotelev1"> >00&action=view&matchview=1
<em class="quotelev1"> >/cgi-bin/ustorekeeper.pl?
<em class="quotelev1"> >command=goto&file=../../../../../../../../../../etc/passwd
<em class="quotelev1"> >
<em class="quotelev1"> >Potrebitelq ot tozi host se opitwa da hakne Apache-to ti
<em class="quotelev1"> >Nqma kakwo da se symnqwash w towa!!!
<em class="quotelev1"> >Prawi opiti s s powecheto izwestni bygowe na Apache.
<em class="quotelev1"> >../../../../../../../../../../../../ - s towa se podsiurqwa che shte
<em class="quotelev1"> >otide w glawnata papka /
<em class="quotelev1"> >posle utiwa e /etc/passwd i se opitwa da iwede parolite ti
<em class="quotelev1"> >chesno kazano towa e edin ot nai naludnichawite nachini za hakwane...za
<em class="quotelev1"> >da ti dekriptira pass (oswen ako ti ne si slojil nqkoq smeshna parola)
<em class="quotelev1"> >ili da izpolzwa baza danni ot kriptirani pasowe i da srywnqwa..mislq che
<em class="quotelev1"> >wseki znae za tezi programki :)
<em class="quotelev1"> >mislq che ako si slagash dobri stabilni pasowe na mashinata nqma da
<em class="quotelev1"> >imash nikakwi problemi nito da se pritesnqwash ot podobni nachinaniq.
<em class="quotelev1"> >i wse pak mojesh da adnesh edno prawilo wyw firewall-a si da dropish
<em class="quotelev1"> >zaqwkite ot tozi kompiutar :)))))
<em class="quotelev1"> >Èãðàé è ñïå÷åëè ñ Àâòîìîáèëåí Ñàëîí Ñîôèÿ 2003 - http://auto.dir.bg
<em class="quotelev1"> >-------------------------------------------------------------------
<em class="quotelev1"> >Íàïðàâè ñè àäðåñ â mail.bG - http://mail.bg/new/
<em class="quotelev1"> >
<em class="quotelev1"> >============================================================================
<em class="quotelev1"> >A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
<em class="quotelev1"> >http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
<em class="quotelev1"> >To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
<em class="quotelev1"> >============================================================================
<em class="quotelev1"> >
-----------------------------------------------------------------
http://www.MURA.bg - Ãìóðíè ñå â èãðàòà!
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|
|
|