13 Jan
2004
13 Jan
'04
20:20
Hi everybody, I have asked the gentle folks on the Full-Disclosure list about the files from this machine: http://218.234.171.84/manual/.x/ and someone has taken an amazingly quick look at them and posted some information. I attached the original message (don't know if this list truncates attachments though). Apparently an PHP injection has been used to get the files onto the target machine and the hack relied on the do_brk() vulnerability of the Linux kernel. But read for yourself. regards, Tobias W.