> > It's possible the CGI that was compromised is distributed under a different > name than the one you found. What form element names get passed to it, and > more importantly, what is the CGI supposed to do? These two bits of > information will probably identify it fairly quickly. Yeah often times people will rename there scripts so people who like to use search engines to hack sites with don't find there script. You also must keep in mind alot of people name a script the same thing. There are quite a few whois.cgi's all written by different authors which you must also keep in mind. I'm also assuming you've found a hole in this so why not (if this is the case) try asking for the scripts own sourcecode. That usually stores vendor info. - zenomorph
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 23:07:35 PDT