Date: Sun, 6 May 2001 01:37:53 -0700 From: Kris Kennaway <kris@obsecurity.org> To: security-officer@FreeBSD.org, www@FreeBSD.org, arubin@concentric.net Subject: Attack on dosendpr.cgi Message-ID: <20010506013753.A51338@xor.obsecurity.org>
next in thread | raw e-mail | index | archive | help
--k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Today some Japanese hax0r spammed a japanese UNIX help BBS (http://cocoa.2ch.net/unix/index2.html) with a bunch of links (annotated with things like "help is available at this link", and others more overt: "Linux is better than FreeBSD, this link will dump shit into their PR database") which caused a bogus PR to be submitted via the website (which wrongly uses GET, not POST, to submit new PRs). I chmod 0'd the dosendpr.cgi script on freefall until it can be fixed -- someone needs to look at this ASAP. Kris --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE69Q1gWry0BWjoQKURAqubAKCmOx9tgfbGyIYz606b/Li/N/t3FQCgqZ7N PPLyS5VJlNcOC2mklyHYWtc= =HMh+ -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-www" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010506013753.A51338>