[9621] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Website Pro v2.0 (NT) Configuration Issues

daemon@ATHENA.MIT.EDU (Christian Antkow)
Tue Feb 16 23:17:35 1999

Date: 	Tue, 16 Feb 1999 17:45:09 -0600
Reply-To: Christian Antkow <xian@IDSOFTWARE.COM>
From: Christian Antkow <xian@IDSOFTWARE.COM>
To: BUGTRAQ@NETSPACE.ORG

 As some of you might be aware, our website (www.idsoftware.com) was hacked
this morning using the "out-of-the-box" features of Website Pro 2.0. The
perpetrator used /cgi-dos/args.bat as well as /cgi-win/uploader.exe to
upload new files and overwrite our index.html file with a "Free Kevin"
webpage (identical to the opening page of www.2600.com).

 Any admins out there running Website Pro for NT might want to double check
your security settings, and possibly remove these demo files if you don't
have an explicit need for them to exist.

 Cheers,

 -Xian


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[9621] in bugtraq

Website Pro v2.0 (NT) Configuration Issues

daemon@ATHENA.MIT.EDU (Christian Antkow)Tue Feb 16 23:17:35 1999

daemon@ATHENA.MIT.EDU (Christian Antkow)
Tue Feb 16 23:17:35 1999