
Re: Another overflow exploit for Apache? *RESOLVED*

From: Andrew Simmons <andrews(at)mis-cds.com>
Date: Fri Jul 04 2003 - 05:57:15 EDT

trihuynh@zeeup.com wrote:

> 
> Yes, the script is really insecure. Some of my clients' sites were defaced
> a couple of days ago. I don't know much about those dudes from CCBill, but it
> looks like they don't care much about security. Here are also some other
> files you should check too:
> 
> /ccbill/ccbill-local.cgi
> /ccbill/secure/ccbill.log
> /cgi-bin/test.cgi (sometimes these dudes at CCBill forget to remove the
> script they use to test the client's servers)
> 
> There is no reason for any remote user to access those files.
> 

This page:

        http://www.xs4all.nl/~frico/exploit.htm

has a list of well-known insecure webserver scripts / paths / exploits - including rather a lot of other CCBill references...

e.g.:

/admin/ccbill-.cgi
/admin/ccbill-local.cgi
/admin/ccbill-local.cgi?cmd=MENU
/admin/ccbill-local.pl?cmd=MENU

[...]


/ccbill.log
/ccbill/.memberfile
/ccbill/_vti_cnf/
/ccbill/ccbill-.cgi
/ccbill/ccbill-local.cgi
/ccbill/ccbill-local.pl
/ccbill/male/password/.htpasswd
/ccbill/members/.htpasswd
/ccbill/Msbilllog.txt
/ccbill/newpass.txt
/ccbill/password/.htpassfile
/ccbill/password/.htpasswd
/ccbill/password/.htpasswd.410
/ccbill/password/.htpasswd.bak
/ccbill/password/.htpasswd20227
/ccbill/password/.htpasswd-bak
/ccbill/password_manager/
/ccbill/secure/.htnew
/ccbill/secure/.htpasswd
/ccbill/secure/cbill.log
/ccbill/secure/ccbill.log
/cc-bill/secure/ccbill.log
/ccbill/secure/ccbill.log
/ccbill/secure/current.log
/ccbill/secure/current.log-bak
/ccbill/secure/history.dat
/ccbill/secure/password
/ccbill/secure/private_key
/ccbill/secure/purge
/ccbill/secure/secure/ccbill.log
/ccbill/secure/WS_FTP.LOG
/ccbill/secured/
/ccbill/secured/current.log-bak
/ccbill/welcome.htm
/ccbill/whereami.cgi
/ccbill2/.htpasswd
/ccbill2/access.log
/ccbill2/male/password/.htpasswd
/ccbill2/password/.htpassfile
/ccbill2/password/.htpasswd
/ccbill2/password_manager/
/ccbill2/secure/.htpasswd
/ccbill2/secure/current.log
/ccbill2/secured/.htpasswd
/ccbill2/secured/current.log
/ccbill5/secure/ccbill.log
/ccbill-local.cgi

> Best regards,
> 
> Tri Huynh
> SentryUnion
> 
> 

The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd. Any prices quoted are only valid if followed up by a formal written quote. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723410.
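The thread's point is that none of the listed CCBill scripts, logs and password files should be reachable by remote users. The following is an added example (not code from the thread or from CCBill) that a site operator could run over their own Apache access log to find out whether any of those paths have been requested, and which requests were actually served with a 2xx status rather than refused. It assumes the Apache combined log format; the log lines embedded below are constructed for the example, and the path patterns are derived from the paths quoted in the thread.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Jul/2003:05:57:15 -0400] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/4.0"
203.0.113.5 - - [04/Jul/2003:05:57:16 -0400] "GET /ccbill/secure/ccbill.log HTTP/1.1" 200 9120 "-" "Mozilla/4.0"
198.51.100.7 - - [04/Jul/2003:05:58:01 -0400] "GET /ccbill/password/.htpasswd.bak HTTP/1.0" 404 210 "-" "curl/7.10"
198.51.100.7 - - [04/Jul/2003:05:58:02 -0400] "GET /cgi-bin/test.cgi HTTP/1.0" 200 512 "-" "curl/7.10"
192.0.2.9 - - [04/Jul/2003:06:01:44 -0400] "GET /admin/ccbill-local.cgi?cmd=MENU HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.9 - - [04/Jul/2003:06:01:45 -0400] "GET /images/logo.gif HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path classes taken from the thread: the ccbill-local CGI/PL scripts (in /admin or the
# docroot), anything under /ccbill*, /cc-bill*, htpasswd-style files, log files and
# their backups, and the leftover /cgi-bin/test.cgi.
SENSITIVE_PATTERNS = [
    re.compile(r'^/(?:admin/)?ccbill-?(?:local)?\.(?:cgi|pl)$', re.I),
    re.compile(r'^/cc-?bill\d*/', re.I),
    re.compile(r'/\.htpass(?:wd|file)', re.I),
    re.compile(r'\.log(?:-bak)?$', re.I),
    re.compile(r'^/cgi-bin/test\.cgi$', re.I),
]


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Match on the path only: the query string (e.g. ?cmd=MENU) is irrelevant here.
    path = m.group("target").split("?", 1)[0]
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "path": path,
        "status": int(m.group("status")),
    }


def is_sensitive(path: str) -> bool:
    """True when the path falls into one of the classes listed in the thread."""
    return any(p.search(path) for p in SENSITIVE_PATTERNS)


def flag_sensitive(log_text: str) -> List[Dict[str, object]]:
    """Return every parsed request for a sensitive path, with a 'served' flag
    that is True when the server answered 2xx (i.e. the file was exposed)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not is_sensitive(entry["path"]):
            continue
        entry["served"] = 200 <= entry["status"] < 300
        hits.append(entry)
    return hits


def exposed_paths(log_text: str) -> List[str]:
    """Sorted, de-duplicated list of sensitive paths that were actually served."""
    return sorted({h["path"] for h in flag_sensitive(log_text) if h["served"]})


if __name__ == "__main__":
    for hit in flag_sensitive(SAMPLE_LOG):
        state = "SERVED" if hit["served"] else "refused"
        print(f'{hit["ip"]:15} {hit["status"]} {state:8} {hit["path"]}')
    print("exposed:", exposed_paths(SAMPLE_LOG))
```

Requests that were refused (403/404) still tell you someone is probing for these files; the ones marked served are the paths that need an access rule or removal right away. To run it against a real log, replace `SAMPLE_LOG` with the file contents; lines in a non-combined format are skipped rather than misparsed.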



Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com
Received on Sat Jul 5 13:41:48 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:10 EDT

