Re: [Full-Disclosure] Infobot-backdoor

From: Vanja Hrustic (vanja_at_pobox.com)
Date: 06/15/03

  • Next message: xlopkov_at_eml.cc: "Re: [Full-Disclosure] Message from "Lel Bruce Peto" to "Thor Larholm" - reply." 
    To: full-disclosure@lists.netsys.com
Date: Sun, 15 Jun 2003 12:11:28 +0600

    On Sat, 14 Jun 2003 21:05:03 -0700
    "morning_wood" <se_cur_ity@hotmail.com> wrote:

    > ------------------------------------------------------------------
    > - EXPL-A-2003-007 exploitlabs.com Advisory 007
    > ------------------------------------------------------------------
    > -= infobot =-
    >
    > Vunerability:
    > ----------------
    > 1. Remote Access

    Remote access to what?

    > by default there are two user names in infobot.users not commented out
    >
    > quote from from the infobot.conf file...

    It is infobot.users file, actually, as you mentioned earlier.

    Quote from README, at the top of the file (can't miss it, if you know how
    to read):

    "You will need to update your infobot.config
    and infobot.users. See the example files."

    You *really* have to be stupid in order to install default config/users
    file.

    > it seems the authors have provided themselves with a nifty backdoor...
    > or any one who can match these credentals in the user database
    > infobot.users

    This list seems to be overloaded with children between 13 and 15 years of
    age.

    Maybe we should have 2 lists instead of 1; full-discolure and
    full-disclosure-diapers

    What's your next advisory?

    "./configure; make; make install" copies files to predictable location !?
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: xlopkov_at_eml.cc: "Re: [Full-Disclosure] Message from "Lel Bruce Peto" to "Thor Larholm" - reply."