Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [VULN-DEV] Re: VERY POOR TITLE... master.cgi

From: Joe <joe () blarg net>
Date: Sun, 3 Jun 2001 10:29:45 -0700 (PDT)
On Fri, 1 Jun 2001, John wrote:



Hi KF I couldn't find any reference to this script except
for one and that turned up nothing. I talked to the vendor for
about two days and it turned out that he was not the author of
the script I was looking for, but he decided to review all of
his source code after talking with me =) I ask the list for help
because an associate of mine found a exploit on an compromised
machine for master.cgi, so, I wanted to get in contact with the
vendor to see if they know about this vulnerability. Also,
sorry for the mistake on the subject.


It's possible the CGI that was compromised is distributed under a different
name than the one you found. What form element names get passed to it, and
more importantly, what is the CGI supposed to do? These two bits of
information will probably identify it fairly quickly.

--
Joe                                     Technical Support
General Support:  support () blarg net     Blarg! Online Services, Inc.
Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net
Previous By Date Next
Previous By Thread Next

Current thread: