
Re: Another overflow exploit for Apache? *RESOLVED*



trihuynh@xxxxxxxxx wrote:

Yes, the script is really insecure. Some of my clients' sites were defaced
a couple of days ago. I don't know much about those dudes from CCBill, but it
looks like they don't care much about security. Here are also some other
files you should check:

/ccbill/ccbill-local.cgi
/ccbill/secure/ccbill.log
/cgi-bin/test.cgi (sometimes these dudes at CCBill forget to remove the
script they use to test the client's servers)

There is no reason for any remote user to access those files.


This page:

	http://www.xs4all.nl/~frico/exploit.htm

has a list of well-known insecure webserver scripts / paths / exploits - including rather a lot of other CCBill references...

eg:

/admin/ccbill-.cgi
/admin/ccbill-local.cgi
/admin/ccbill-local.cgi?cmd=MENU
/admin/ccbill-local.pl?cmd=MENU

[...]





Best regards,

Tri Huynh
SentryUnion
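An added example, not from the thread or from CCBill, of the defender's check the quoted message implies: scanning Apache access-log lines for requests to the CCBill files named above, so an operator can see whether they were probed and whether the server actually served them. The Apache common log layout, the path patterns and the sample log lines are assumptions.

```python
import re

# Apache common/combined log format: "%h %l %u %t \"%r\" %>s %b ..." (assumed layout)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Locations named in the thread. Exact paths first, then patterns that cover
# the same files when they live under another directory or a numbered copy.
EXACT_PATHS = {"/ccbill.log", "/cgi-bin/test.cgi"}
PATTERNS = [
    re.compile(r'/ccbill-?(local)?\.(cgi|pl)$', re.I),  # the CCBill CGI in any directory
    re.compile(r'^/cc-?bill\d*/.*(\.htpass|\.htnew|\.log|password|\.memberfile|private_key|history\.dat)', re.I),
]


def is_sensitive(path):
    """True if the request path points at a CCBill file that should never be web-reachable."""
    path = path.split("?", 1)[0]  # drop query strings such as ?cmd=MENU
    return path in EXACT_PATHS or any(p.search(path) for p in PATTERNS)


def find_probes(lines):
    """Return (ip, path, status) for every request to a sensitive CCBill location."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_sensitive(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


def served(hits):
    """Subset of hits answered with 200: the file is exposed, not merely probed."""
    return [h for h in hits if h[2] == 200]


# Constructed sample log lines (documentation IP ranges), not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2003:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1234',
    '203.0.113.7 - - [10/Jun/2003:10:00:02 +0000] "GET /ccbill/secure/ccbill.log HTTP/1.0" 200 5120',
    '203.0.113.7 - - [10/Jun/2003:10:00:03 +0000] "GET /ccbill/password/.htpasswd.bak HTTP/1.0" 404 210',
    '198.51.100.2 - - [10/Jun/2003:10:00:04 +0000] "GET /admin/ccbill-local.cgi?cmd=MENU HTTP/1.0" 403 0',
    '198.51.100.2 - - [10/Jun/2003:10:00:05 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 200 33',
]

if __name__ == "__main__":
    for ip, path, status in find_probes(SAMPLE_LOG):
        print(f"{ip} requested {path} -> {status}")
```

Hits with status 200 are the ones to act on first: the server returned the file, so the web server configuration (or the file's presence in the document root) needs fixing, not just the log review.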






