[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] (no subject)

To: adityad2005@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] (no subject)
From: Ademar Gonzalez <ademar.gonzalez@xxxxxxxxx>
Date: Wed, 28 Sep 2005 10:38:23 -0400

Hi Aditya

On 9/28/05, Aditya Deshmukh
<aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Recently 2 days ago I saw this in a compromised system.
>
>
> Both this file and cpshost.dll were deleted from C:\InetPub\scripts
> This file was recovered but I was unable to recover cpshost.dll....
>
>
> Anyone know what is this ?
>

It is a upload script, cpshost.dll is the Posting Acceptor ActiveX control :

http://support.microsoft.com/kb/q230298/


>
> <% Response.Buffer = TRUE %>
>
>         Version=1.5
> <%
>         PathToPA = "http://"; + Request.ServerVariables("SERVER_NAME") +
> "/scripts/cpshost.dll"
>
>
>         PostingURL = PathToPA + "?PUBLISH"
>
>         TargetURL = "http://"; + Request.ServerVariables("SERVER_NAME")
> %>
>
>         [{8B14B770-748C-11D0-A309-00C04FD7CFC5}]
>         PostingURL="<%= PostingURL %>"
>         TargetURL="<%= TargetURL %>"
>         ComponentInstall="yes"
>

ciao ciao
ademar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] (no subject)
  - From: Aditya Deshmukh

Prev by Date: Re: [Full-disclosure] O-O-O
Next by Date: Re: [Full-disclosure] Suggestion for IDS
Previous by thread: [Full-disclosure] (no subject)
Next by thread: Re: [Full-Disclosure] (no subject) cpshost.dll
Index(es):
- Date
- Thread