Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Apache 1.3.29
From: d4rkgr3y <d4rk () securitylab ru>
Date: Fri, 12 Mar 2004 07:48:05 +0300

They might have used an apache user discosure bug that allows you to check
user names vs. passwords.. I think it's made by w00w00. It will check the
user names and passes, if it finds one that works it will login via FTP to
make sure.
It's made by me and you can find it on m00.void.ru/release.html

  ----- Original Message -----
  From: VeNoMouS
  To: full-disclosure () lists netsys com
  Sent: Thursday, March 11, 2004 2:38 PM
  Subject: [Full-disclosure] Apache 1.3.29

  any one know if theres a new exploit for apache 1.3.29 in the wild one of
my mates boxes was breached this morning by ir4dex appears they gained axx
via apache then got root via mmap()
I could hardly imagine that such exploit code is realy exist. I think that 
your server was hacked via vulnerability in additional apache mods. Like 
mod_ssl, mod_php, mod_gzip, mod_python, etc.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]