lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <af406b77050928073836226c13@mail.gmail.com>
Date: Wed Sep 28 15:38:32 2005
From: ademar.gonzalez at gmail.com (Ademar Gonzalez)
Subject: (no subject)

Hi Aditya

On 9/28/05, Aditya Deshmukh
<aditya.deshmukh@...ine.gateway.strangled.net> wrote:
> Recently 2 days ago I saw this in a compromised system.
>
>
> Both this file and cpshost.dll were deleted from C:\InetPub\scripts
> This file was recovered but I was unable to recover cpshost.dll....
>
>
> Anyone know what is this ?
>

It is a upload script, cpshost.dll is the Posting Acceptor ActiveX control :

http://support.microsoft.com/kb/q230298/


>
> <% Response.Buffer = TRUE %>
>
>         Version=1.5
> <%
>         PathToPA = "http://" + Request.ServerVariables("SERVER_NAME") +
> "/scripts/cpshost.dll"
>
>
>         PostingURL = PathToPA + "?PUBLISH"
>
>         TargetURL = "http://" + Request.ServerVariables("SERVER_NAME")
> %>
>
>         [{8B14B770-748C-11D0-A309-00C04FD7CFC5}]
>         PostingURL="<%= PostingURL %>"
>         TargetURL="<%= TargetURL %>"
>         ComponentInstall="yes"
>

ciao ciao
ademar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ