Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Apache 1.3.29
From: "Jarrod SMith" <SirSlappy () cox-internet com>
Date: Thu, 11 Mar 2004 17:02:47 -0600

They might have used an apache user discosure bug that allows you to check user names vs. passwords.. I think it's made 
by w00w00. It will check the user names and passes, if it finds one that works it will login via FTP to make sure.  

  ----- Original Message ----- 
  From: VeNoMouS 
  To: full-disclosure () lists netsys com 
  Sent: Thursday, March 11, 2004 2:38 PM
  Subject: [Full-disclosure] Apache 1.3.29

  any one know if theres a new exploit for apache 1.3.29 in the wild one of my mates boxes was breached this morning by 
ir4dex appears they gained axx via apache then got root via mmap()

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]