[ic] IC-specific hacking attempt
Mike Heins
mike at perusion.com
Sun Mar 28 16:02:06 EST 2004
Quoting Kevin Walsh (kevin at cursor.biz):
> Grant [emailgrant123b at yahoo.com] wrote:
> > I noticed the following request in my logs and thought I'd mention it to
> > you guys:
> >
> > www.mydomain.com/cgi-bin/mycatalog/__SQLUSER__
> >
> > It's the first hacking attempt I've seen that looks
> > IC-specific. Is there anything I might want to check my system out for?
> >
> I can verify the problem on a 5.0 system. I haven't looked at it
> on 5.1 yet, but I suspect that it'll be the same.
>
> Apply the following patch as an emergency fix. The real fix will
> either be the same, or something similar elsewhere.
>
> ----------------------------------------------------------------------
> *** Page.pm 28 Mar 2004 20:29:39 -0000 2.17
> --- Page.pm 28 Mar 2004 20:34:43 -0000
> ***************
> *** 75,80 ****
> --- 75,81 ----
>
> die ::get_locale_message(412, "Missing special page: %s\n", $name)
> unless defined $page;
> + $subject =~ s/_/_/g;
> $page =~ s#\[subject\]#$subject#ig;
> $Vend::PageInit = 0;
> interpolate_html($page, 1);
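Review bot: the added line `$subject =~ s/_/_/g;` replaces an underscore with an underscore, so as quoted it is a no-op and cannot stop a request name such as `__SQLUSER__` from reaching the `[subject]` substitution and `interpolate_html($page, 1)` unchanged; the right-hand side of the substitution was most likely an escaped or entity form of the underscore that the archive has decoded, so anyone applying this "emergency fix" should check the committed line rather than copy it from this message. The placement itself is correct: the neutralising step has to run before `$page =~ s#\[subject\]#$subject#ig;`, which it does here. Since Kevin notes the real fix may live "elsewhere", it is also worth confirming that other paths which echo the requested page name into a special page get the same treatment, otherwise the hole is only closed for this one error page.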
> ----------------------------------------------------------------------
>
> Also, while you're at it, get the person's IP address and file a
> complaint.
I have patched all three pertinent versions (4.8, 5.0, 5.1). This is
a definite hole and we should release ASAP.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
Software axiom: Lack of speed kills.