[Moderator: I am passing this along more with the generic warning: make
sure you stay abreast of security concerns! Odds are, every site is
running at least one buggy/vulnerable program or service. Stay up to date
on releases and known vulnerabilities. There is NO reason to get
compromised when the information is made public!]

Forwarded From: Erik Parker <netmask@303.org>
Originally From: Christian Antkow <xian@IDSOFTWARE.COM>
Originally To: BUGTRAQ@netspace.org
Subject: Website Pro v2.0 (NT) Configuration Issues

As some of you might be aware, our website (www.idsoftware.com) was hacked
this morning using the "out-of-the-box" features of Website Pro 2.0. The
perpetrator used /cgi-dos/args.bat as well as /cgi-win/uploader.exe to
upload new files and overwrite our index.html file with a "Free Kevin"
webpage (identical to the opening page of www.2600.com).

Any admins out there running Website Pro for NT might want to double check
your security settings, and possibly remove these demo files if you don't
have an explicit need for them to exist.

Cheers,
-Xian
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Received on Thu Mar 11 17:26:03 1999