[Full-disclosure] what is this?
3APA3A
3APA3A at SECURITY.NNOV.RU
Mon Jan 14 15:15:50 GMT 2008
Dear Nick FitzGerald,
--Monday, January 14, 2008, 2:52:23 PM, you wrote to full-disclosure at lists.grok.org.uk:
NF> Ummmm -- the only part of that likely to be relevant here is the last.
NF> These kinds of web page "compromises" are typically achieved through
NF> bad/ill-configured/non-updated server-side web applications (or
NF> their underlying script engines) and are typically achieved without
NF> requiring any more special or privileged access to the victim sites
NF> than the ability to run a clever Google search or your own
NF> brute-force spidering via a bot-net, etc.
During last few months, we monitor mass infection attempts through
stollen FTP passwords.
Yes, web exploitation scenario is also possible. These are automated
exploitation requests received during a single day:
http://securityvulns.com/files/exprequests.txt
In this case there is a quick workaround (and also a good security
practice) of disabling write access for web server account. Of cause,
investigation is required anyway.
--
~/ZARAZA http://securityvulns.com/
Всегда будем рады послушать ваше чириканье (Твен)
Full-Disclosure is hosted and sponsored by Secunia.