Linux-Bulgaria.ORG

навигация

начало

пощенски списък

архив на групата

По Дата

Re: lug-bg: httpd secirity

Subject: Re: lug-bg: httpd secirity
From: micro@email.domain.hidden (Plamen Tonev)
Date: Tue, 10 Jun 2003 10:57:45 +0300

On Mon, 09 Jun 2003 20:49:53 +0300 (EEST)
LazCorp <lazcorp_at_mail.bg> wrote:

<em class="quotelev1">> öèòèðàì  Stefan Gurdev <steve_lug_at_abv.bg>:
<em class="quotelev1">> 
<em class="quotelev2">> > Vurzan sum kum City Lan mreja. Prez nqkolko dni edin ot hostovete v
<em class="quotelev2">> > mrejata neshto si igrae s men. Eto log faila na apache-to:
<em class="quotelev2">> > 
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET ///quote.html 
<em class="quotelev1">> HTTP/1.0"
<em class="quotelev2">> > 404 272 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%
<em class="quotelev1">> 00
<em class="quotelev2">> > HTTP/1.0" 404 279 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/dcboard.cgi
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/nph-maillist.pl HTTP/1.0" 404 283 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
<em class="quotelev1">> 00&action=view&matchview=1
<em class="quotelev2">> > HTTP/1.0" 404 280 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/ustorekeeper.pl?
<em class="quotelev1">> command=goto&file=../../../../../../../../../../etc/passwd
<em class="quotelev2">> > HTTP/1.0" 404 283 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/ikonboard/
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /foldoc/ HTTP/1.0" 
<em class="quotelev1">> 404
<em class="quotelev2">> > 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-bin/adcycle/
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "GET
<em class="quotelev2">> > /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 277 "-"
<em class="quotelev2">> > "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-
<em class="quotelev1">> bin/bbs_forum.cgi
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 
<em class="quotelev2">> > 
<em class="quotelev2">> > Predpolagam hosta 192.168.1.3 e zarazen s nqkakuv virus, no vse pak 
<em class="quotelev1">> nqkoi
<em class="quotelev2">> > imal li e podoen problem s tova neshto. Vuzmojno li e tova da e exploit
<em class="quotelev2">> > ili neshto ot tozi sort!!!
<em class="quotelev2">> > 
<em class="quotelev2">> > Blagodarq predvaritelno!!!
<em class="quotelev2">> > 
<em class="quotelev2">> > P.S: Znam che nivoto v tozi mail group e mnogo visoko. Tozi posting moje
<em class="quotelev2">> > bi ne e za tuk, pisah v nqkoi forumi no taka i ne poluchih kompetenten
<em class="quotelev2">> > otgovor!
<em class="quotelev2">> > 
<em class="quotelev2">> > S uvajenie, Stefan!
<em class="quotelev2">> > 
<em class="quotelev1">> 
<em class="quotelev1">> /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00
<em class="quotelev1">> /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
<em class="quotelev1">> 00&action=view&matchview=1
<em class="quotelev1">> /cgi-bin/ustorekeeper.pl?
<em class="quotelev1">> command=goto&file=../../../../../../../../../../etc/passwd
<em class="quotelev1">> 
<em class="quotelev1">> Potrebitelq ot tozi host se opitwa da hakne Apache-to ti
<em class="quotelev1">> Nqma kakwo da se symnqwash w towa!!!
<em class="quotelev1">> Prawi opiti s s powecheto izwestni bygowe na Apache.
<em class="quotelev1">> ../../../../../../../../../../../../ -  s towa se podsiurqwa che shte 
<em class="quotelev1">> otide w glawnata papka /
<em class="quotelev1">> posle utiwa e /etc/passwd i se opitwa da iwede parolite ti

/etc/passwd? paroli? horata ot godini polzvat shadow prijateliu.


<em class="quotelev1">> chesno kazano towa e edin ot nai naludnichawite nachini za hakwane...

naludnichav? tova bi bilo standarten brute force. Nishto naludnichavo njama.dumb e dumata ;-)

za 
<em class="quotelev1">> da ti dekriptira pass (oswen ako ti ne si slojil nqkoq smeshna parola) 
<em class="quotelev1">> ili da izpolzwa baza danni ot kriptirani pasowe i da srywnqwa..mislq che 
<em class="quotelev1">> wseki znae za tezi programki :)
<em class="quotelev1">> mislq che ako si slagash dobri stabilni pasowe na  mashinata nqma da 
<em class="quotelev1">> imash nikakwi problemi nito da se pritesnqwash ot podobni nachinaniq.

Spored men *trjabva* da se pritesnjavame/te ... problemite s directory traversing
ne vodjat samo do "naludnichavo crackvane". "One shell eq one root"
Po-dobre si drysh up-to-date apache-to, otkolkoto da:

<em class="quotelev1">> i wse pak mojesh da adnesh edno prawilo wyw firewall-a si da dropish 
<em class="quotelev1">> zaqwkite ot tozi kompiutar :)))))

IP-tata se menjat, skanirashtite ne izchezvat...reshavaite po-principno neshtata
plz.

P.S: ne vjarvam da e virus ;-)

<em class="quotelev1">> Èãðàé è ñïå÷åëè Àâòîìîáèëåí Ñàëîí Ñîôèÿ 2003 - http://auto.dir.bg

Otkoga mechtaja da go spechelja toja celijat salon ;-)))

<em class="quotelev1">> -------------------------------------------------------------------
<em class="quotelev1">> Íàïðàâè ñè àäðåñ â mail.bG - http://mail.bg/new/
<em class="quotelev1">> 
<em class="quotelev1">> ============================================================================
<em class="quotelev1">> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
<em class="quotelev1">> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
<em class="quotelev1">> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
<em class="quotelev1">> ============================================================================


-- 
"Life is short - pray hard."

Man is certainly stark mad: He cannot make a flea,
yet he makes gods by the dozens. - Montaigne

--------------------------------------------------------
Public PGP key at: http://www.fadata.bg/pgp/micropgp.asc
--------------------------------------------------------


============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================

<hr>

Attachment: part
Description: PGP signature

Относно:
- Re: lug-bg: httpd secirity
  - Изпратено от: lazcorp@email.domain.hidden (LazCorp)

Предишно по дата: Re: lug-bg: httpd secirity
Следващо по дата: RE: lug-bg: Seminar 2003 -WEB
Предишно по тема: RE: lug-bg: httpd secirity
Следващо по тема: Re: Re: lug-bg: httpd secirity
Индекс:
- По дата
- По тема

наши приятели

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

Linux-Bulgaria.ORG