Security Advisory


It seems that script kiddies are taking advantage of the 'randhtml.cgi' Perl script that comes bundled with MT. The script simply does as its name suggests: it allows you to embed random HTML strings into your blog entries. If you have this executable script in /cgi-bin, and it is not critical for your site, I'd suggest that you remove it. At the very least 'chmod 600' it, as it seems to have been targeted for mischief. A couple of weeks ago, I noticed that some clever mind wanted to embed some weird HTML footer on some of my archive pages using a bit of PHP include file trickery. It seems that the footer would force a Windows metafile injection, which redirects to some strange website. I wasn't too concerned about the .wmf injection, as I don't run a M$ OS (I believe that there is a patch to protect against the metafile injection vulnerability). However, that .wmf download request was annoying. Bottom line is that these kiddies are looking for artificial page hits.
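A small audit for the two things mentioned above: a randhtml.cgi that is still executable, and published pages that reference a .wmf file. This is an added example, not part of the original entry or of Movable Type; it assumes the web root is passed as the only argument and that published pages end in .html or .php.

```shell
#!/bin/sh
# Added example: audit a web root for the symptoms described in this entry.
# Assumptions: web root given as $1; published pages are *.html / *.php.

# Print every randhtml.cgi that still has any execute bit set
# (owner, group or other), i.e. one the web server could still run.
find_exec_randhtml() {
    find "$1" -type f -name 'randhtml.cgi' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Apply the minimum mitigation from the entry (chmod 600) to each hit.
# Removing the file outright is the stronger option if it is not needed.
lock_randhtml() {
    find_exec_randhtml "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'locked %s\n' "$f"
    done
}

# Print published pages that mention a .wmf file anywhere in their source.
# An unexpected hit is a page worth diffing against a clean rebuild.
find_wmf_refs() {
    find "$1" -type f \( -name '*.html' -o -name '*.php' \) \
        -exec grep -li '\.wmf' {} + || true
}

# Report only; call lock_randhtml yourself once the list looks right.
if [ "$#" -eq 1 ]; then
    echo "Executable randhtml.cgi copies:"
    find_exec_randhtml "$1"
    echo "Pages referencing .wmf:"
    find_wmf_refs "$1"
fi
```

Any page the second check lists that you did not write yourself should be rebuilt from the templates after the include file it pulls in has been inspected.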


    About this Entry

    This page contains a single entry by AG published on March 30, 2006 4:41 AM.
