awexpl strikes
Just came back from holiday and reviewed the Apache logfile on my homeserver. I noticed that there are some wacky lines in access_log:
200.217.***.*** - - [11/Feb/2005:15:47:15 +0700] "GET /cgi-bin/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 287
200.217.***.*** - - [11/Feb/2005:15:47:45 +0700] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 287
After 2 minutes of googling, I found a reference to the AWSTATS exploit. Looks like versions of awstats 6.2 and lower are vulnerable; version 6.3 has the fix.
More googling results mention that Infecktion Group claimed credit for many web defacements related to this awstats vulnerability and has reported over 400 such defacements, though it is unclear how many and whether the same attack vector was utilized.
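To check an access_log for the same kind of probe, here is a small scanner, added as an example and not part of the original post. It flags requests to awstats.pl whose configdir parameter contains shell metacharacters after percent-decoding, and uses the response status for triage. The names scan_line, scan and SAMPLE_LOG are made up for this example, and the last two sample entries are constructed.

```python
import re
from urllib.parse import unquote_plus

# Apache common log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# Shell metacharacters that a real configuration directory path never needs.
SHELL_META = re.compile(r"[|;`$&<>]")

def scan_line(line):
    """Return a finding for an awstats.pl configdir probe, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith("/awstats.pl"):
        return None
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        value = unquote_plus(value)  # decode first so %7C is treated like |
        if unquote_plus(name).lower() == "configdir" and SHELL_META.search(value):
            status = int(m.group("status"))
            # 404: no script at that path. Anything else: the script may have
            # handled the request, so check the installed version (fix is in 6.3).
            triage = "not found" if status == 404 else "check AWStats version"
            return {"host": m.group("host"), "time": m.group("time"),
                    "path": path, "configdir": value,
                    "status": status, "triage": triage}
    return None

def scan(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in map(scan_line, lines) if f]

# The first two entries are the ones from the post; the last two are constructed.
SAMPLE_LOG = [
    '200.217.***.*** - - [11/Feb/2005:15:47:15 +0700] "GET /cgi-bin/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 287',
    '200.217.***.*** - - [11/Feb/2005:15:47:45 +0700] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 287',
    '192.0.2.10 - - [12/Feb/2005:09:01:02 +0700] "GET /awstats/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Feb/2005:09:05:40 +0700] "GET /awstats/awstats.pl?configdir=%7Cid%7C HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["host"], f["path"], f["status"], f["triage"], repr(f["configdir"]))
```

On a real server, pass the open log file to scan() instead of SAMPLE_LOG; a finding with any status other than 404 is the one to follow up first.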

