Re: vulnerability in glocation.cgi?

[Valdis.Kletnieks () vt edu]

On Fri, 09 Jan 2004 16:39:32 CST, "Schmehl, Paul L" <pauls () utdallas edu>  said:

> There's obviously some sort of exploit for that script, but I couldn't
> even find any mention of it at SecurityFocus or SANS.  Really odd...

What you found was evidence that somebody *thinks* there's a vulnerability.

Now quite possibly there really is/was some exploit - comparing the URLs from
the attempts to see how they passed the 'ls -la' to glocation.cgi might reveal
something. On the other hand, it's possible that there was a annoyingly
larval-stage script kiddie, and a black hat who knew what a snipe hunt was.....
:)

Attachment: _bin
Description: