Security Incidents mailing list archives
Re: Scans from udel.edu and tue.nl
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Wed, 22 Mar 2000 09:58:21 -0500
On Wed, 22 Mar 2000, Alexandru Popa wrote:
Also, can anyone explain what exactly they've been trying to exploit by the percent-full string? It translates to /cgi-bin/query?x=<!--#exec cmd="/usr/bin/id"-->
pretty simple, really -- who is running the cgi-bin programs, nobody or root or someone else? as such, that then tells you what kinds of access they are likely to have and how you can proceed. jose nazario jose () biochemistry cwru edu PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Current thread:
- Scans from udel.edu and tue.nl Jose Nazario (Mar 21)
- Re: Scans from udel.edu and tue.nl Alexandru Popa (Mar 22)
- Re: Scans from udel.edu and tue.nl Jose Nazario (Mar 22)
- 8 hours of pinging & POP2 Paul Tero (ME IT) (Mar 22)
- Re: Scans from udel.edu and tue.nl Ryan Russell (Mar 23)
- R: Scans from udel.edu and tue.nl Gregor Sfiligoj (Mar 22)
- Linux Security slam () THEGRID NET (Mar 22)
- Re: Scans from udel.edu and tue.nl Matthew S. Hallacy (Mar 22)
- <Possible follow-ups>
- Re: Scans from udel.edu and tue.nl Fernando Cardoso (Mar 23)
- Re: Scans from udel.edu and tue.nl Ed Padin (Mar 24)
- Re: Scans from udel.edu and tue.nl Alexandru Popa (Mar 22)