RE: vulnerability in glocation.cgi?

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Christine Kronberg [mailto:Christine_Kronberg () genua de] 
> Sent: Thursday, January 08, 2004 12:18 PM
> To: incidents () securityfocus com
> Subject: vulnerability in glocation.cgi?
>
>   I just checked my private webserver and found several attempts
>   to perform an "ls -la" via glocation.cgi. I never had such an
>   cgi on my server. I googled but all I found was a hint that this
>   problem may have occurred somewhen in august 2003.

I used AltaVista and found entries dating back to May of 2003, but I
couldn't find anything about the script itself.

There's obviously some sort of exploit for that script, but I couldn't
even find any mention of it at SecurityFocus or SANS.  Really odd...

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

---------------------------------------------------------------------------
----------------------------------------------------------------------------