Cgi hack
Borek Lupomesky
Borek.Lupomesky na ujep.cz
Čtvrtek Říjen 21 12:13:09 CEST 1999
On Thu, 21 Oct 1999, Michal Belicek wrote:
> vypis z /etc/httpd/error_log:
> [Wed Oct 20 22:28:02 1999] [error] [client 212.216.3.199] script not
> found or unable to stat: /home/httpd/cgi-bin/phf
> [Wed Oct 20 22:28:03 1999] [error] [client 212.216.3.199] script not
> found or unable to stat: /home/httpd/cgi-bin/test-cgi
> [Wed Oct 20 22:28:06 1999] [error] [client 212.216.3.199] script not
> found or unable to stat: /home/httpd/cgi-bin/handler
>
> vypis z traceroute:
> a-lo5-8.tin.it (212.216.3.199)
>
> Je mozne, ze jde o pokus hackera (pravdepodobne z Italie) o vyuziti
> nejake chyby v uvedenych cgi skriptech? Nas web zadne cgi skripty
> nepouziva a adresar cgi-bin mame prazdny.
/cgi-bin/phf je klasicky exploit, stary snad tri roky nebo jeste
vic. Nikdo normalni uz ho dneska nema a normalniho hackera by snad ani
nenapadlo to jeste zkouset.
Bye Borek
--
=====================================================================
BOREK LUPOMESKY, network administrator University of J. E. Purkyne
Ceske mladeze 8
WWW: http://www.ujep.cz/~lupomesk/ Usti nad Labem, 40096
IRCnet: Borek @ #usti The Czech Republic
PGP keyid: 11D77115 ICQ: 10139578 tel: +420-602-376368
==========[ MIME/ISO-8859-2 & PGP encrypted mail welcome ]===========
Další informace o konferenci Linux