-
Update
If you remember, a while back there was a post called k12.edu.
The post was about being able to run arbitrary code on their server.
[ http://www.antionline.com/showthread...hreadid=218780 ]
I just checked the website to see what it was and I was curious if they ever fixed it.
I went to http://216.247.78.24 and it came up with some NT service pack update page,
so then I went to http://216.247.78.24:80 and got this:
[see attachment or go to page]
Guess they never fixed it
-
Guess not :(
This is the problem with sites like this, a few of them ruin it for everybody else... And they probably used that same exploit, too :fpissed:
-
Security Issues
http://216.247.78.24/scripts/*%0a.pl
Perl.exe is being used as the perl script interpreter - consequently virtual paths can be mapped to physical paths: The /scripts directory maps to d:\216.247.78.24\scripts\. Use PerlIS.dll instead of perl.exe to resolve this problem.
http://216.247.78.24//_vti_pvt/doctodep.btr
doctodep.btr can sometimes contain fragments of server side code.
http://216.247.78.24//cfdocs/expeval...th=c:\boot.ini
ExprCalc.cfm can be used to read files on the web server. Apply the patch from Allaire. See http://www2.l0pht.com/advisories/cfusion.txt for more information.
http://216.247.78.24//cfdocs/expeval/openfile.cfm
openfile.cfm can be used to read files on the web server. Apply the patch from Allaire. See http://www2.l0pht.com/advisories/cfusion.txt for more information.
This sucks ass.... It took me about 3 seconds to find all of these :( I think they really need security
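An administrator of a server with these findings can check the access logs for requests to the same paths. The following is an added example, not part of the original thread: it assumes IIS W3C extended logs with a `#Fields:` header and percent-encoded URI stems, and the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path signatures derived from the findings listed in the post above.
SIGNATURES = [
    ("perl.exe path disclosure probe (newline in script name)",
     re.compile(r"/scripts/[^/]*\n[^/]*\.pl")),
    ("FrontPage doctodep.btr fetch", re.compile(r"/_vti_pvt/doctodep\.btr")),
    ("ColdFusion ExprCalc.cfm access", re.compile(r"/cfdocs/expeval/exprcalc\.cfm")),
    ("ColdFusion openfile.cfm access", re.compile(r"/cfdocs/expeval/openfile\.cfm")),
]

# Constructed sample log (documentation addresses, made-up timestamps).
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-01 10:00:01 192.0.2.10 GET /default.htm - 200
2002-03-01 10:00:05 192.0.2.44 GET /scripts/*%0a.pl - 500
2002-03-01 10:00:07 192.0.2.44 GET //CFDOCS/expeval/ExprCalc.cfm - 200
2002-03-01 10:00:09 192.0.2.44 GET /_vti_pvt/doctodep.btr - 200
2002-03-01 10:00:12 192.0.2.10 GET /scripts/search.pl q=test 200
""".splitlines()

def normalise(uri_stem):
    """Decode %xx, collapse repeated slashes, lowercase (IIS paths ignore case)."""
    path = unquote(uri_stem)
    path = re.sub(r"/{2,}", "/", path)
    return path.lower()

def scan(log_lines):
    """Return (client_ip, raw_uri_stem, finding) for every matching request."""
    fields, hits = [], []
    for line in log_lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "")
        path = normalise(stem)
        for name, pattern in SIGNATURES:
            if pattern.fullmatch(path):
                hits.append((row.get("c-ip", "-"), stem, name))
    return hits

if __name__ == "__main__":
    for ip, stem, name in scan(SAMPLE_LOG):
        print(f"{ip}  {stem}  ->  {name}")
```

Normalising before matching matters here: the doubled slash and mixed case in the sample request would slip past a plain string comparison.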