[Coco] Sites restored
Torsten Dittel
Torsten at Dittel.info
Fri Nov 23 19:26:44 EST 2007
Roger,
a few days ago I noticed the upload dir feature. To be honest, I didn't
like the idea that one could read the usernames there (makes it much
easier to start an exploit because you would just have to find the
corresponding password because you already know a valid username).
However, for curiousity (and because noone else had been in the Cafe to
chat with, I really hate the time shift ;-)) I had a look in each single
of the available dirs to see what people are using that feature for. I
noticed the suspicious dirs "anncy" and "testing" containing malicious
codes (one script containing several times the words "Balkan Crew").
I immediately posted a warning adressed to yourself into the Cafe's
chat, expecting that you're lurking from time to time and would catch
the message (it was even in there the next day). I warned everyone *not*
to access those files. Bad enough it looks like you didn't read it in
time. Looks like I should really have sent you an e-mail...
Regards,
Torsten
More information about the Coco
mailing list