Hosting Provided By

Re: Another overflow exploit for Apache?

From: Bill Pennington <billp(at)boarder.org>
Date: Thu Jul 03 2003 - 12:12:38 EDT

Another thing you might want to watch for is a web application flaw. Maybe a flaw in a php page that allowed an attacker to insert PHP commands into a page? I would have a line-by-line look at your access_log and error_log around the time the file was put on the server.

I would be happy to take a look at the logs if you need some assistance.

On Thursday, July 3, 2003, at 08:17 AM, shimi wrote:

>
> stupid question (but since you didn't mention, i have to ask): is

---
Bill Pennington, CISSP, CCNA
Chief Technology Officer
WhiteHat Security Inc.
http://www.whitehatsec.com


----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Received on Thu Jul 3 12:31:45 2003

This message: [ Message body ]
Next message: James Tollerson: "RE: frontpage extensions; backdoor or initial compromise?"
In reply to shimi: "Re: Another overflow exploit for Apache?"
Next in thread: Timmothy Posey: "RE: Another overflow exploit for Apache?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:10 EDT