lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <864282DC-252D-11D8-82C8-000393754328@veedev.de>
From: chorchert at veedev.de (Christian Horchert)
Subject: file inclusion (les visiteurs)

Am 02.12.2003 um 23:20 schrieb gazpa:
> If you analize the url and the msg send by Evert, it's only a extract 
> of
> his apache (or webserver) log.

I know. They try to find out if that installation is vulnerable,
what's running and so on.

> I understand that it is only an advise of what has find on his
> webserver, warning others of a possible atack if they have 'les
> visiteurs' installed.

What do you think would have happened if Evert did not read Bugtraq
and applied the patch? Do you think they would send him an email like
"Hey Evert, you have a funky version of Les Visiteurs installed. 
Consider
a patch or use another maintained software for your purpose".
I don't really think so, but I can be completely wrong as I
mentioned before.

> The exploiting, injections and webscan in google (xD) is made by 
> *XfTeam*,
> a hacker or kiddies (as you want) group. The group that the
> warning is about.

First of all: I neigther call them hackers nor kiddies. Second: For me
it doesn't really matter if they (or whoever) call themself "XfTeam" or
"XFree Team" or "Bastard Brownies from Hell", I was refering to the
self advertised website defacements, no matter how they did it and whose
exploits they use.

> If I'm wrong, Evert, correct me.
> I think that it is a security realted post, and blames are out of 
> contest.

I blamed the ppl trying to exploit this vulnerability, not Evert, 
because
it's interessting to see, at least for me it is.

Ahh, gotcha now. You simply misunderstood the intention of the other
posts. Guess we talk at cross purposes ...

   Christian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ