[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] file inclusion (les visiteurs)
- To: "Full-Disclosure" <full-disclosure@lists.netsys.com>, "Evert Daman" <evert@digipix.org>
- Subject: Re: [Full-Disclosure] file inclusion (les visiteurs)
- From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>
- Date: Mon, 1 Dec 2003 16:09:27 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Evert,
As you see the person that was trying to exploit is part of
another script kiddies team:
http://c2r.canalforbid.org/xfree.gif
but , the funny thing you can see is that the kiddies having that
domain and space have some stupid scripts running in their account:
http://c2r.canalforbid.org/remote.php
Don't worry , its a very good point to have have running snort but
that guys can't do lot of damage if you have a minimal care relating
with patching,
securing ,etc.
Snort can be used to protect against XSS attacks , just ask at
dan@nsrg-security.com
Best regards,
- -------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
\x6e\x73\x72\x67
\x73\x65\x63\x75\x72\x69\x74\x79
\x72\x65\x73\x65\x61\x72\x63\x68
http://www.nsrg-security.com
______________________
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com
iQA/AwUBP8tZjmtOtT6RgF9bEQJkVQCdFu/ETdZ2ZhSh82IGO9t9Tg/4icEAoKsv
8VPP2ZkWjvrY4LZvdxta7K1k
=rA6H
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html