Date: Mon, 27 Jan 1997 12:09:57 +0800 (HKT)
From: Doug Kwan ~{9XUq5B~} <ctkwan@cs.hku.hk>
To: Christian Hochhold <expert@dusk.net>
Cc: freebsd-isp@freebsd.org
Subject: Re: possible phf exploit?
Message-ID: <Pine.SGI.3.91.970127120818.25691A-100000@indigo10>
In-Reply-To: <199701260743.DAA06284@eternal.dusk.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 26 Jan 1997, Christian Hochhold wrote: > Evenin' > > While checking my access logs I came across a few very interesting > things.. someone trying to get to the passwd file through pfh. > The logs showed the attempted access as being in the following format: > > /cgi-bin/phf/Q?alias=x%ff/bin/cat%20/etc/passwd > Diasble phf immediately by "chmod a-x phf". Somebody is trying to get your password file. -Doug Kwan Dept. of Computer Science University of Hong Kong
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.91.970127120818.25691A-100000>