lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200403120748.05069.d4rk@securitylab.ru>
From: d4rk at securitylab.ru (d4rkgr3y)
Subject: Apache 1.3.29

> They might have used an apache user discosure bug that allows you to check
> user names vs. passwords.. I think it's made by w00w00. It will check the
> user names and passes, if it finds one that works it will login via FTP to
> make sure.
It's made by me and you can find it on m00.void.ru/release.html


>   ----- Original Message -----
>   From: VeNoMouS
>   To: full-disclosure@...ts.netsys.com
>   Sent: Thursday, March 11, 2004 2:38 PM
>   Subject: [Full-Disclosure] Apache 1.3.29
>
>
>   any one know if theres a new exploit for apache 1.3.29 in the wild one of
> my mates boxes was breached this morning by ir4dex appears they gained axx
> via apache then got root via mmap()
I could hardly imagine that such exploit code is realy exist. I think that 
your server was hacked via vulnerability in additional apache mods. Like 
mod_ssl, mod_php, mod_gzip, mod_python, etc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ