
March 30, 2006

Security Advisory

It seems that script kiddies are taking advantage of the 'randhtml.cgi' Perl script that comes bundled with MT. The script simply does as its name suggests: it allows you to embed random HTML strings into your blog entries. If you have this executable script in /cgi-bin, and it is not critical for your site, I'd suggest that you remove it. At the very least, 'chmod 600' it, as it seems to have been targeted for mischief.

A couple of weeks ago, I noticed that some clever mind wanted to embed some weird HTML footer on some of my archive pages using a bit of PHP include file trickery. It seems that the footer would force a Windows metafile injection, which redirects to some strange website. I wasn't too concerned about the .wmf injection, as I don't run a M$ OS (I believe that there is a patch to protect against the metafile injection vulnerability). However, that .wmf download request was annoying. Bottom line is that these kiddies are looking for artificial page hits.

Posted by AG at March 30, 2006 4:41 AM
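The mitigation described in the post, as an added example that is not part of the original entry: a shell helper that finds every copy of randhtml.cgi under a directory that still carries an execute bit and, with `--fix`, applies the post's 'chmod 600'. The function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root for an
# executable randhtml.cgi and optionally apply the 'chmod 600' mitigation.
# Function names are hypothetical; pass your own cgi-bin or web root as DIR.

SCRIPT_NAME='randhtml.cgi'   # file name taken from the post

# Print every copy under DIR that has an owner, group or other execute bit.
find_executable_copies() {
    find "$1" -type f -name "$SCRIPT_NAME" \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Usage: audit_randhtml DIR [--fix]
# Returns 0 when no executable copy remains, 1 when one does, 2 on bad input.
audit_randhtml() {
    dir=$1
    mode=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    find_executable_copies "$dir" | while IFS= read -r f; do
        if [ "$mode" = "--fix" ]; then
            chmod 600 "$f" && echo "fixed: $f (now 600)"
        else
            echo "executable: $f"
        fi
    done

    # Re-scan so the return status reflects the state after any fix.
    if [ -n "$(find_executable_copies "$dir")" ]; then
        return 1
    fi
    return 0
}
```

Run it without `--fix` first to see which copies would be changed; other CGI scripts in the same directory are left untouched.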