Is that possible with an up to date .htaccess?
On Jan 27, 2010, at 1:57 PM, Jeff Greenberg wrote:
On 1/27/2010 12:43 PM, Matt Chapman wrote:
Also FTR, I've seen a similar (but not quite identical) sort of
attack
on a xcart installation on another host.
I've seen the osc / xcart attack. They created a subdirectory in the
image directory... /yahoo ... and put an index.php file in it. The
file checked the query string for a value. If it wasn't there, it
would simply display an osc heading. If the value was there, it
grabbed a base64 value from the query string, decoded it, and called
eval against it.
