From owner-freebsd-isp Sun Jan 26 00:17:15 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA26143 for isp-outgoing; Sun, 26 Jan 1997 00:17:15 -0800 (PST)
Received: from DNS.Lamb.net (root@DNS.Lamb.net [207.90.181.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA26137 for ; Sun, 26 Jan 1997 00:17:13 -0800 (PST)
Received: from PacBell.TelcoSucks.org (ulf@PacBell.TelcoSucks.org [207.90.181.5]) by DNS.Lamb.net (8.8.5/20.74.3.14) with SMTP id AAA21015; Sun, 26 Jan 1997 00:17:17 -0800 (PST)
Message-Id: <3.0.32.19970126001859.00b2f434@Gatekeeper-3.Lamb.net>
X-Sender: ulf@Gatekeeper-3.Lamb.net
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sun, 26 Jan 1997 00:19:00 -0800
To: Christian Hochhold , freebsd-isp@FreeBSD.ORG
From: Ulf Zimmermann
Subject: Re: possible phf exploit?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

This is an old thing. I am getting several hits per month, trying that.

Ulf.

At 03:43 AM 1/26/97 -0400, Christian Hochhold wrote:
>Evenin'
>
>While checking my access logs I came across a few very interesting
>things.. someone trying to get to the passwd file through phf.
>The logs showed the attempted access as being in the following format:
>
>/cgi-bin/phf/Q?alias=x%ff/bin/cat%20/etc/passwd
>
>I don't run phf (nor have I checked it out per se), however
>to someone who does know/use phf this might prove interesting.
>
>Comments? =)
>
>Christian
>
>

-----------------------------------------------------------
Alameda Networks, Inc. | Ulf Zimmermann (ulf@Alameda.net)
1525 Pacific Avenue    | Phone: (510)769-2936
Alameda, CA 94501      | Fax  : (510)521-5073
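
An added example, not part of the message above or written by either poster: a small scan of a web server access log for requests in the format Christian quotes, with a per-month tally of the kind Ulf mentions. The Common Log Format layout, the sample lines, their addresses and status codes, and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import unquote, urlsplit

# Constructed sample lines (Common Log Format, documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/1997:22:14:03 -0400] "GET /cgi-bin/phf/Q?alias=x%ff/bin/cat%20/etc/passwd HTTP/1.0" 404 207
198.51.100.7 - - [25/Jan/1997:22:15:40 -0400] "GET /index.html HTTP/1.0" 200 1832
203.0.113.5 - - [02/Feb/1997:03:01:12 -0400] "GET /cgi-bin/phf/Q?alias=x%ff/bin/cat%20/etc/passwd HTTP/1.0" 404 207
198.51.100.7 - - [02/Feb/1997:09:30:00 -0400] "GET /cgi-bin/search?q=phf HTTP/1.0" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# Match the script path itself, not any URL that merely mentions "phf".
PHF_PATH_RE = re.compile(r'^/cgi-bin/phf(?:[/?]|$)', re.IGNORECASE)


def find_phf_probes(log_text):
    """Return one record per request aimed at /cgi-bin/phf."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        client, stamp, _method, target, status = m.groups()
        if not PHF_PATH_RE.match(target):
            continue
        # latin-1 maps every %xx escape to one character, so %ff survives decoding.
        query = unquote(urlsplit(target).query, encoding="latin-1")
        reasons = []
        if "/etc/passwd" in query:
            reasons.append("passwd-path")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in query):
            reasons.append("non-printable-byte")
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits.append({"client": client, "month": when.strftime("%Y-%m"),
                     "status": int(status), "reasons": reasons})
    return hits


def hits_per_month(hits):
    """Tally probe requests by calendar month."""
    return dict(Counter(h["month"] for h in hits))
```

A 200 status on a flagged request is the case to look at first, since it means the script exists on the server and answered.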