Steve Bertrand said the following on 08/26/2009 01:33 AM:
> In this case, OP, look for:
> - directories named as such:
> -- . ..
> -- . .
> -- etc, particularly under:
> -- or anywhere else the [gu]id of the webserver could possibly write to

Thanks for the comments, Steve. This has indeed been the case here:
there was a bunch of files installed by user 'www' (the webserver) in a
directory called ".," in /tmp; the script itself was in /tmp.

Someone has suggested to me that the vulnerability might have been in
the RoundCube webmail package which I had installed:
"Cross-site scripting (XSS) vulnerability in RoundCube Webmail
(roundcubemail) 0.2 stable allows remote attackers to inject arbitrary
web script or HTML via the background attribute embedded in an HTML
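
Added example, not part of the original messages: one way to run the check described in this thread, listing directories whose names are built only from dots, spaces and commas (". ..", ". .", ".,"), optionally limited to those owned by the webserver user. The function name `find_disguised_dirs` and the exact character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Lists directories whose names imitate "." or "..": the name starts with
# a dot and contains nothing but dots, spaces and commas. The character
# set is an assumption that generalizes the names mentioned in the thread.
#
# Usage: find_disguised_dirs ROOT [OWNER]
#   ROOT   directory tree to scan, e.g. /tmp
#   OWNER  optional user name or numeric uid, e.g. www
find_disguised_dirs() {
    root=$1
    owner=${2:-}

    # -mindepth 1 : never report ROOT itself (matters when ROOT is ".")
    # -xdev       : stay on ROOT's filesystem
    # -name '.*'  : name begins with a dot
    # ! -name '*[!. ,]*' : name has no character outside dot, space, comma
    set -- "$root" -mindepth 1 -xdev -type d \
        -name '.*' ! -name '*[!. ,]*'

    # Restrict to one owner (the webserver account) when requested.
    if [ -n "$owner" ]; then
        set -- "$@" -user "$owner"
    fi

    find "$@" -print
}

# Example invocation for the case in this thread:
#   find_disguised_dirs /tmp www
```

Ordinary dot-directories such as `.cache` are not reported, since their names contain characters outside the set.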