[ic] IC-specific hacking attempt
Kevin Walsh
kevin at cursor.biz
Sun Mar 28 15:37:59 EST 2004
Grant [emailgrant123b at yahoo.com] wrote:
> I noticed the following request in my logs and thought I'd mention it to
> you guys:
>
> www.mydomain.com/cgi-bin/mycatalog/__SQLUSER__
>
> It's the first hacking attempt I've seen that looks
> IC-specific. Is there anything I might want to check my system out for?
>
I can verify the problem on a 5.0 system. I haven't looked at it
on 5.1 yet, but I suspect that it'll be the same.
Apply the following patch as an emergency fix. The real fix will
either be the same, or something similar elsewhere.
----------------------------------------------------------------------
*** Page.pm 28 Mar 2004 20:29:39 -0000 2.17
--- Page.pm 28 Mar 2004 20:34:43 -0000
***************
*** 75,80 ****
--- 75,81 ----
die ::get_locale_message(412, "Missing special page: %s\n", $name)
unless defined $page;
+ $subject =~ s/_/_/g;
$page =~ s#\[subject\]#$subject#ig;
$Vend::PageInit = 0;
interpolate_html($page, 1);
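Review bot: The added line `$subject =~ s/_/_/g;` replaces an underscore with an underscore as it appears here, so applied verbatim it changes nothing. The replacement side was presumably an encoded form of the underscore that the archive rendering turned back into a literal character, so check the substitution against the original patch before applying it. A short comment above the line saying why underscores in $subject have to be neutralized before interpolate_html($page, 1) runs would also help whoever writes the later "real fix", since the substitution covers only this one [subject] insertion point.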
----------------------------------------------------------------------
Also, while you're at it, get the person's IP address and file a
complaint.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
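An added example, not part of the original message and not Interchange code: a scan of web access logs for requests shaped like the one Grant quotes, reporting the client IP behind each. The token pattern, the common/combined log format and the /cgi-bin/ prefix are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumed common/combined log format: client IP first, request line in quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"'
)
# Assumed token shape, modelled on the __SQLUSER__ request quoted in the thread.
TOKEN_RE = re.compile(r'__[A-Z][A-Z0-9_]*?__')

SAMPLE_LOG = [  # constructed sample lines, not taken from the original post
    '192.0.2.10 - - [28/Mar/2004:14:02:11 -0500] "GET /cgi-bin/mycatalog/index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [28/Mar/2004:14:05:40 -0500] "GET /cgi-bin/mycatalog/__SQLUSER__ HTTP/1.0" 200 812',
    '198.51.100.7 - - [28/Mar/2004:14:05:44 -0500] "GET /cgi-bin/mycatalog/%5F%5FSQLUSER%5F%5F HTTP/1.0" 200 812',
    '192.0.2.10 - - [28/Mar/2004:14:06:02 -0500] "GET /images/__LOGO__.gif HTTP/1.0" 200 900',
]

def find_variable_probes(lines, script_prefix="/cgi-bin/"):
    """Return (ip, token, raw_target) for each request path carrying a __NAME__ token."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        raw = m.group("target")
        path = raw.split("?", 1)[0]
        # Decode twice so %5F and double-encoded %255F underscores are still seen.
        decoded = unquote(unquote(path))
        if not decoded.startswith(script_prefix):
            continue  # only requests routed to the catalog script are of interest
        for token in TOKEN_RE.findall(decoded):
            hits.append((m.group("ip"), token, raw))
    return hits

def summarize(hits):
    """Group hits by client IP, mapping each IP to its sorted distinct tokens."""
    by_ip = {}
    for ip, token, _ in hits:
        by_ip.setdefault(ip, set()).add(token)
    return {ip: sorted(tokens) for ip, tokens in by_ip.items()}

if __name__ == "__main__":
    for ip, tokens in summarize(find_variable_probes(SAMPLE_LOG)).items():
        print(ip, ", ".join(tokens))
```
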