
zero-maitimax
i question i found this site.. DONT POST ADDRESSES!!!!
and i look in the source..

<!--
DOCUMENT_ROOT = /usr/local/etc/httpd/htdocs
GATEWAY_INTERFACE = CGI/1.1
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
HTTP_ACCEPT_LANGUAGE = en-us
HTTP_CONNECTION = Keep-Alive
HTTP_HOST = www.fantasy-967.de
HTTP_REFERER = http://www.fantasy-967.de
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
HTTP_VIA = 1.0 PXYNLUT001, 1.0 PXYNLAD003
PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin
QUERY_STRING =
REDIRECT_STATUS = 200
REDIRECT_URL = /imanager/
REMOTE_ADDR = 144.44.150.151
REMOTE_PORT = 52204
REQUEST_METHOD = GET
REQUEST_URI = /imanager/
SCRIPT_FILENAME = /usr/local/etc/httpd/htdocs/imanager/index.cgi
SCRIPT_NAME = /imanager/index.cgi
SERVER_ADDR = 213.198.48.8
SERVER_ADMIN = service@kern.info
SERVER_NAME = fantasy-967.de
SERVER_PORT = 80
SERVER_PROTOCOL = HTTP/1.0
SERVER_SIGNATURE =
SERVER_SOFTWARE = Apache/1.3.27 OpenSSL/0.9.6 (Unix)
USER = fant45

-->

so i was wondering is there an exploit or vuln for this software?
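Added example, not part of the original posts: a defender-side check that scans a page's HTML for comments that look like a CGI environment dump, such as the one quoted above, and reports which variables disclose server details. The function name `find_env_leaks`, the variable-to-risk mapping and the sample page are assumptions constructed for illustration.

```python
import re

# CGI meta-variables and common Apache additions that should not reach a client (assumed list).
SENSITIVE = {
    "DOCUMENT_ROOT": "filesystem layout",
    "SCRIPT_FILENAME": "filesystem layout",
    "PATH": "filesystem layout",
    "USER": "local account name",
    "SERVER_SOFTWARE": "exact server versions",
    "SERVER_ADMIN": "administrator contact",
    "SERVER_ADDR": "server address",
    "REMOTE_ADDR": "client or proxy address",
    "HTTP_VIA": "proxy hostnames",
}

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
PAIR_RE = re.compile(r"^[ \t]*([A-Z][A-Z0-9_]*)[ \t]*=[ \t]*(.*?)[ \t]*$", re.MULTILINE)

def find_env_leaks(html, min_vars=3):
    """Return (name, value, why) for sensitive variables inside dump-like HTML comments."""
    findings = []
    for comment in COMMENT_RE.findall(html):
        pairs = PAIR_RE.findall(comment)
        # One stray NAME = value line is not a dump; require several pairs.
        if len(pairs) < min_vars:
            continue
        for name, value in pairs:
            value = value.strip()
            if name in SENSITIVE and value:
                findings.append((name, value, SENSITIVE[name]))
    return findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><body>
<!-- layout = two-column -->
<!--
DOCUMENT_ROOT = /srv/www/htdocs
GATEWAY_INTERFACE = CGI/1.1
SERVER_SIGNATURE =
SERVER_SOFTWARE = ExampleHTTPd/1.0 (Unix)
USER = webuser
-->
<p>Welcome</p></body></html>"""

if __name__ == "__main__":
    for name, value, why in find_env_leaks(SAMPLE):
        print(f"{name}: leaks {why} ({value!r})")
```

Run against rendered pages in a build or staging check, a non-empty result means a debug dump is still being emitted and should be removed from the script.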
Reaper527
well, i found an exploit, but it appears that 0.9.6 is the first version this doesn't work on :( here is the info if you want to check it out

http://www.securityfocus.com/bid/5363/info/

and here is the exploit if you want to try anyways to see what happens

http://www.securityfocus.com/data/vulnerab...ts/OpenFuckV2.c
raif
i have some sites that i always go to to find exploits:

Security Focus
PacketStorm
K-otic
SecuriTeam

hope this bit of info helps :)
ST.
and a few good russian sites:
http://www.security.nnov.ru/
http://www.securitylab.ru/25224.html
Dust
Hi,

Any exploit or idea for an Apache 1.3.27 server running RedHat Linux (unknown version) with the following specifications:
mod_ssl/2.8.12
OpenSSL/0.96
DAV/1.0.2
PHP/4.1.2
mod_perl/1.24_01
flashb4ck
i am searching also 4 a good one ...
i have only seen buffer overflows yet that only will crash the server and build over 1000 error msg ;)


thx 4 help



gr€€tZ fL4Shb4Ck
barty32
has anybody an idea how to find out the Linux version?

thx
w00dy
uname -a ... or something like that.. i'm not a linux fan, more unix/bsd
radien


cat /proc/version

or

uname -a

both work :)
bitwild
just check ICAT METABASE ?!

:apache 1.3.27
CAN-2003-0542

:openssl < 0.9.6
CAN-2003-0545
CAN-2003-0544
CAN-2003-0543
CAN-2003-0147
...
CAN-2002-0656
...

i think there are many exploits around
for the stuff mentioned above...

just search it | code it yourself?!


