Very Computer

by **Andre van Straate** » Mon, 10 Apr 2000 04:00:00

This line is out of my Web server log file:

ultra.mpls.k12.mn.us - - [09/Apr/2000:01:44:55 -0500] "GET /cgi-bin/view-source?cgi-bin/view-source HTTP/1.0" 404 213

This line is the only one from this IP address in the log file.
Does anybody know what this is intended to do? I didn't find any hints on a program
view-source. Is it kind of phf or aglimpse?

Thanks,
Andre

Andre van Straaten
http://www.vanstraatensoft.com
______________________________________________

by **Remove NO_SPAM to rep** » Tue, 11 Apr 2000 04:00:00

Quote:> This line is out of my Web server log file:
> ultra.mpls.k12.mn.us - - [09/Apr/2000:01:44:55 -0500] "GET /cgi-bin/view-source?cgi-bin/view-source HTTP/1.0" 404 213
> This line is the only one from this IP address in the log file.
> Does anybody know what this is intended to do? I didn't find any hints on a program
> view-source. Is it kind of phf or aglimpse?

Your computer was being scanned for a vulnerability in the view-source
cgi script that would allow the attacker (a Mineapolis high school
student) to view your /etc/passwd file (or any other file). Your web
server didn't have this cgi installed and returned a 404. You don't
need to worry.

If you're curious about the attack, go to http://rootshell.com and do
a search on view_source.

Damian Menscher
--

--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

by **jose** » Tue, 11 Apr 2000 04:00:00

> ultra.mpls.k12.mn.us - - [09/Apr/2000:01:44:55 -0500] "GET /cgi-bin/view-source?cgi-bin/view-source HTTP/1.0" 404 213

i saw this, too, in cleveland.