perl/php connect-back backdoor?

From: Ingram (Vail_at_gmx.net)
Date: 07/27/03

Next message: wirepair: "is it even possible for a worm with dcom vuln?"

Previous message: DownBload: "Re: Some help With BOF Exploits Writing."
Next in thread: Rick Patel: "RE: perl/php connect-back backdoor?"
Reply: Rick Patel: "RE: perl/php connect-back backdoor?"
Reply: Knud Erik Højgaard: "Re: perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 27 Jul 2003 19:19:52 +0200 (MEST)
To: vuln-dev@securityfocus.com

hi folks,

while pentesting a webserver i found a way to upload cgi/php scripts to
/cgi-bin, but as verified with hping all ports except 113 (which needs root
privs) are filtered. Means i couldn't use a portbinding backdoor, because
all
i got right know is uid www. I think a connect-back perl/php code could
made it through this packtfilter, as the outbound rules could be less tight.

Anyone aware of a backdoor like this?

Thx in advantage
Ingram

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Jetzt ein- oder umsteigen und USB-Speicheruhr als Prämie sichern!

Next message: wirepair: "is it even possible for a worm with dcom vuln?"

Previous message: DownBload: "Re: Some help With BOF Exploits Writing."
Next in thread: Rick Patel: "RE: perl/php connect-back backdoor?"
Reply: Rick Patel: "RE: perl/php connect-back backdoor?"
Reply: Knud Erik Højgaard: "Re: perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]