Re: Hack?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <apache@xxxxxxxxxxxxxxxx> wrote:
This showed up in my log today on a Ubuntu server with Apache 2.2.17.

A total of 3 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):

   /?file=../../../../../../proc/self/environ%00 HTTP Response 200
   /?mod=../../../../../../proc/self/environ%00 HTTP Response 200
   /?page=../../../../../../proc/self/environ%00 HTTP Response 200

This can't actually return any data can it?

It should not return any data from Apache itself.
It will do something if you have an application set up that chooses what file to display based on the query string.

- Y
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux