[ic] IC-specific hacking attempt

Kevin Walsh kevin at cursor.biz
Sun Mar 28 15:37:59 EST 2004


Grant [emailgrant123b at yahoo.com] wrote:
> I noticed the following request in my logs and thought I'd mention it to
> you guys: 
> 
> www.mydomain.com/cgi-bin/mycatalog/__SQLUSER__
> 
> It's the first hacking attempt I've seen that looks
> IC-specific.  Is there anything I might want to check my system out for?
> 
I can verify the problem on a 5.0 system.  I haven't looked at it
on 5.1 yet, but I suspect that it'll be the same.

Apply the following patch as an emergency fix.  The real fix will
either be the same, or something similar elsewhere.

----------------------------------------------------------------------
*** Page.pm     28 Mar 2004 20:29:39 -0000      2.17
--- Page.pm     28 Mar 2004 20:34:43 -0000
***************
*** 75,80 ****
--- 75,81 ----

        die ::get_locale_message(412, "Missing special page: %s\n", $name)
                unless defined $page;
+       $subject =~ s/_/_/g;
        $page =~ s#\[subject\]#$subject#ig;
        $Vend::PageInit = 0;
        interpolate_html($page, 1);
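
Review bot: The added line "$subject =~ s/_/_/g;" has the same character on both sides of the substitution as it appears here, so it leaves $subject unchanged, and a value such as __SQLUSER__ would still reach the [subject] replacement and interpolate_html($page, 1) intact. If the replacement side was meant to be an encoded form of the underscore that this archive copy has rendered back to a plain character, check the line against the original message before applying it. The fix also covers underscores only: because $page is interpolated after $subject has been substituted into it, consider escaping the other markup-significant characters in $subject (for example "[") at the same point, and add a short comment saying why the value is escaped there.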
----------------------------------------------------------------------

Also, while you're at it, get the person's IP address and file a
complaint.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/


