This discussion has been archived. No further comments can be added. | | by Anonymous Coward on 18-05-00 13:27 GMT (#1) |
| The 17th... the whole day without news. Then they posted 2, already after 10 o'clock at night. The 18th (today)... the middle of the day and still not a single one to be seen. It's going well... and I won't even mention the bugs that showed up yesterday; you couldn't even comment on the news items. |
| | | | by Anonymous Coward on 22-05-00 7:01 GMT (#2) |
| Being a web developer in the IIS/NT area (that is, I program in ASP/COM/SQL, etc.), and although I am not the one who manages IIS and security, I check the sites dedicated to security, vulnerabilities, etc. that keep being discovered every day, and whenever I can I warn my colleagues and clients to install the patches, which, as you know, at Microsoft are almost weekly.
A few days ago I discovered a small utility, twwwscan, and tested it on my own sites, on clients' sites and on some of the biggest sites in .pt that run on IIS. On most of them this utility did not detect any flaw, that is, most of them had the latest patches installed.
Then, out of mere curiosity, I ran the "thing" against gildot, and the result left me stunned. So it turns out that Gildot, den of over-the-top "down with NT" types, had more holes than a Swiss cheese!! Since I don't understand anything about Linux, I don't even know whether these are serious flaws, but I was truly surprised. I would appreciate comments ...
Connecting HTTP Port - Result: www.gildot.org Connect Success
HTTP/1.1 200 OK
Date: Sat, 20 May 2000 08:39:09 GMT
Server: Apache/1.3.12 (Unix) (Red Hat/Linux) mod_perl/1.22
Connection: close
Content-Type: text/html
THC Web Backdoor(rwwwshell.pl) Checking: !!! FOUND !!!
Un1G Web Backdoor(un1g1.1) Checking: !!! FOUND !!!
Un1G Web Backdoor(un1g1.2) Checking: !!! FOUND !!!
PHF(phf) Checking: !!! FOUND !!!
PHF(phf.cgi) Checking: !!! FOUND !!!
test-cgi Checking: !!! FOUND !!!
Local host finger (finger) Checking: !!! FOUND !!!
Count.cgi bof(Count.cgi) Checking: !!! FOUND !!!
Escape to a shell(jj) Checking: !!! FOUND !!!
IRIX(day5datacopier.cgi) Checking: !!! FOUND !!!
IRIX(day5datanotifier.cgi) Checking: !!! FOUND !!!
bof(php.cgi) Checking: !!! FOUND !!!
php Checking: !!! FOUND !!!
nph-test-cgi Checking: !!! FOUND !!!
nph-publish Checking: !!! FOUND !!!
IRIX(handler) Checking: !!! FOUND !!!
IRIX(webdist.cgi) Checking: !!! FOUND !!!
IRIX(wrap.cgi) Checking: !!! FOUND !!!
AnyForm2 Checking: !!! FOUND !!!
web sendmail security hole(webgais) Checking: !!! FOUND !!!
web sendmail security hole(websendmail) Checking: !!! FOUND !!!
faxsurvey Checking: !!! FOUND !!!
htmlscript Checking: !!! FOUND !!!
IRIX(pfdisplay.cgi) Checking: !!! FOUND !!!
shell execute perl.exe Checking: !!! FOUND !!!
WebBoard(wwwboard.pl) Checking: !!! FOUND !!!
www-sql Checking: !!! FOUND !!!
SCO(view-source) Checking: !!! FOUND !!!
campas Checking: !!! FOUND !!!
Glimpse HTTP security hole(aglimpse) Checking: !!! FOUND !!!
Glimpse HTTP security hole(glimpse) Checking: !!! FOUND !!!
man.sh Checking: !!! FOUND !!!
Excite 1.1(AT-admin.cgi) Checking: !!! FOUND !!!
Excite 1.1(AT-generate.cgi) Checking: !!! FOUND !!!
filemail.pl Checking: !!! FOUND !!!
maillist.pl Checking: !!! FOUND !!!
info2www Checking: !!! FOUND !!!
files.pl Checking: !!! FOUND !!!
bnbform.cgi Checking: !!! FOUND !!!
survey.cgi Checking: !!! FOUND !!!
textcounter.pl Checking: !!! FOUND !!!
classifieds.cgi Checking: !!! FOUND !!!
environ.cgi Checking: !!! FOUND !!!
wrap Checking: !!! FOUND !!!
cgiwrap Checking: !!! FOUND !!!
edit.pl Checking: !!! FOUND !!!
perl Checking: !!! FOUND !!!
Lotus Note(domcfg.nsf) Checking: !!! FOUND !!!
Lotus Note(today.nsf) Checking: !!! FOUND !!!
Lotus Note(names.nsf) Checking: !!! FOUND !!!
Lotus Note(catalog.nsf) Checking: !!! FOUND !!!
Lotus Note(log.nsf) Checking: !!! FOUND !!!
Lotus Note(domlog.nsf) Checking: !!! FOUND !!!
Lotus Note(Xrun.cgi) Checking: !!! FOUND !!!
Gais tool(webgais) Checking: !!! FOUND !!!
coldFusion Dos(startstop.html) Checking: !!! FOUND !!!
Sambar Server(dumpenv.pl) Checking: !!! FOUND !!!
adminlogin Checking: !!! FOUND !!!
Cobalt RaQ2 server(test.cgi) Checking: !!! FOUND !!!
Cobalt RaQ2 server(submit.cgi) A Checking: !!! FOUND !!!
Cobalt RaQ2 server(submit.cgi) B Checking: !!! FOUND !!!
guestbook.cgi Checking: !!! FOUND !!!
guestbook.pl Checking: !!! FOUND !!!
Redhat 6(cachemgr.cgi) Checking: !!! FOUND !!!
whois_raw.cgi Checking: !!! FOUND !!!
Mac HTTP(responder.cgi) Checking: NOT
Shopping Carts(perlshop.cgi) Checking: !!! FOUND !!!
Tektronix Webserver(ncl_items.html) Checking: !!! FOUND !!!
webwho.pl Checking: !!! FOUND !!!
Nortel Contivity DoS,view(cgiproc) Checking: !!! FOUND !!!
AltaVista Search Engine(query) Checking: !!! FOUND !!!
w3-msql Checking: !!! FOUND !!!
Home Free CGI(search.cgi) Checking: !!! FOUND !!!
PowerScripts PlusMail(plusmail) Checking: !!! FOUND !!!
Cobalt(siteUserMod.cgi) Checking: !!! FOUND !!!
Htdig EZ Shopper 3.0(loadpage.cgi) Checking: !!! FOUND !!!
OpenLinux(rpm_query) Checking: !!! FOUND !!!
IRIX 6.5(infosrch.cgi) Checking: !!! FOUND !!!
Netscape Web Publishing(publisher) Checking: !!! FOUND !!!
PublishingXpert 2.*(PSCOErrPage.htm) Checking: !!! FOUND !!!
Infonautics(getdoc.cgi) Checking: !!! FOUND !!!
BizDB Search(bizdb1-search.cgi) Checking: !!! FOUND !!!
htDig path reveals Checking: !!! FOUND !!!
redhat 6.2 backdoor(passwd.php3) Checking: !!! FOUND !!!
UltraBoard(ultraboard.pl),DoS Checking: !!! FOUND !!!
UltraBoard(ultraboard.cgi) Checking: !!! FOUND !!! |