Date: Sun, 26 Jan 1997 00:16:59 -0800 (PST) From: Michael Dillon <michael@memra.com> To: freebsd-isp@FreeBSD.ORG Subject: Re: possible phf exploit? Message-ID: <Pine.BSI.3.93.970126001454.9390G-100000@sidhe.memra.com> In-Reply-To: <199701260743.DAA06284@eternal.dusk.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 26 Jan 1997, Christian Hochhold wrote: > The logs showed the attempted access as being in the following format: > > /cgi-bin/phf/Q?alias=x%ff/bin/cat%20/etc/passwd How do you think the US Air Force and the US Department of Justice websites were hacked? Grab the passwd file, run crack, log in and slash and burn. Good thing FreeBSD uses shadow passwords, eh? But the spammers use this trick too so just make sure that you delete the useless phf program from all your servers if it is still there. Michael Dillon - Internet & ISP Consulting Memra Software Inc. - Fax: +1-250-546-3049 http://www.memra.com - E-mail: michael@memra.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.93.970126001454.9390G-100000>