Re: what is this?

[3APA3A <3APA3A () SECURITY NNOV RU>]

Dear Nick FitzGerald,

--Monday, January 14, 2008, 2:52:23 PM, you wrote to full-disclosure () lists grok org uk:


NF> Ummmm -- the only part of that likely to be relevant here is the last.

NF> These kinds of web page "compromises" are typically achieved through
NF> bad/ill-configured/non-updated   server-side  web  applications  (or
NF> their  underlying script engines) and are typically achieved without
NF> requiring  any more special or privileged access to the victim sites
NF> than  the  ability  to  run  a  clever  Google  search  or  your own
NF> brute-force spidering via a bot-net, etc.

During  last  few  months,  we  monitor  mass infection attempts through
stollen  FTP passwords.

Yes,  web  exploitation  scenario  is also possible. These are automated
exploitation requests received during a single day:

http://securityvulns.com/files/exprequests.txt

In  this  case  there  is  a  quick workaround (and also a good security
practice)  of  disabling  write access for web server account. Of cause,
investigation is required anyway.


-- 
~/ZARAZA http://securityvulns.com/
Всегда будем рады послушать ваше чириканье (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/