Re: [Full-Disclosure] Infobot-backdoor
From: w g (xillwillx_at_yahoo.com)
Date: 06/15/03
- Previous message: xlopkov_at_eml.cc: "Re: [Full-Disclosure] Message from "Lel Bruce Peto" to "Thor Larholm" - reply."
- In reply to: Vanja Hrustic: "Re: [Full-Disclosure] Infobot-backdoor"
- Next in thread: Donnie Weiner: "Re: [Full-Disclosure] Infobot-backdoor"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Vanja Hrustic <vanja@pobox.com>, full-disclosure@lists.netsys.com Date: Sat, 14 Jun 2003 23:50:04 -0700 (PDT)
"'Maybe we should have 2 lists instead of 1; full-discolure and
full-disclosure-diapers'"
i wanna be on the 'full-discolure' list , me no likey diapers...
and yes some morons like yourself do install default when they dont know what the *** they are doing ... so sit down ,shut the *** up and quit your bitchin.
kthnx
Vanja Hrustic <vanja@pobox.com> wrote:
On Sat, 14 Jun 2003 21:05:03 -0700
"morning_wood" wrote:
> ------------------------------------------------------------------
> - EXPL-A-2003-007 exploitlabs.com Advisory 007
> ------------------------------------------------------------------
> -= infobot =-
>
> Vunerability:
> ----------------
> 1. Remote Access
Remote access to what?
> by default there are two user names in infobot.users not commented out
>
> quote from from the infobot.conf file...
It is infobot.users file, actually, as you mentioned earlier.
Quote from README, at the top of the file (can't miss it, if you know how
to read):
"You will need to update your infobot.config
and infobot.users. See the example files."
You *really* have to be stupid in order to install default config/users
file.
> it seems the authors have provided themselves with a nifty backdoor...
> or any one who can match these credentals in the user database
> infobot.users
This list seems to be overloaded with children between 13 and 15 years of
age.
Maybe we should have 2 lists instead of 1; full-discolure and
full-disclosure-diapers
What's your next advisory?
"./configure; make; make install" copies files to predictable location !?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: xlopkov_at_eml.cc: "Re: [Full-Disclosure] Message from "Lel Bruce Peto" to "Thor Larholm" - reply."
- In reply to: Vanja Hrustic: "Re: [Full-Disclosure] Infobot-backdoor"
- Next in thread: Donnie Weiner: "Re: [Full-Disclosure] Infobot-backdoor"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
