Help with cgi script attack
Tod Merley
todbot88 at gmail.com
Sat Mar 18 08:00:38 UTC 2006
On 3/17/06, Knute Johnson <knute at frazmtn.com> wrote:
>
> I need some help finding the correct place to go to get specific
> help. We have a script that uses sendmail to send form data to the
> site owner. Last night somebody managed to use it to send thousands
> of spam emails. I need to find the right place to ask about the
> script to determine exactly how the attack was accomplished so we can
> fix the script. Any direction would be greatly appreciated.
>
> Thanks,
>
>
>
> --
> Knute Johnson
> Molon Labe...
>
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
Hi Knute Johnson!
This may be a place to get some background:
http://www-src.lip6.fr/homepages/Fabrice.Legond-Aubry/www.ouah.org/cgi-exploitation.txt
And then look at the issue from a security standpoint:
http://www.w3.org/Security/Faq/wwwsf4.html
Some other places of interest:
http://www.cert.org/
http://www.sans.org/rr/whitepapers/securecode/ (note last entry)
>From what I am reading hear, CGI tends to have many vulnerabilities. Deploy
with extreme care only!!
God Give Us Strength Please!
Tod
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060318/38b7efe0/attachment-0001.htm>
More information about the fedora-list
mailing list