Security Incidents mailing list archives
RE: vulnerability in glocation.cgi?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 9 Jan 2004 16:39:32 -0600
-----Original Message----- From: Christine Kronberg [mailto:Christine_Kronberg () genua de] Sent: Thursday, January 08, 2004 12:18 PM To: incidents () securityfocus com Subject: vulnerability in glocation.cgi? I just checked my private webserver and found several attempts to perform an "ls -la" via glocation.cgi. I never had such an cgi on my server. I googled but all I found was a hint that this problem may have occurred somewhen in august 2003.
I used AltaVista and found entries dating back to May of 2003, but I couldn't find anything about the script itself. There's obviously some sort of exploit for that script, but I couldn't even find any mention of it at SecurityFocus or SANS. Really odd... Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: vulnerability in glocation.cgi? Schmehl, Paul L (Jan 12)
- Re: vulnerability in glocation.cgi? Valdis . Kletnieks (Jan 12)