On Mon, Dec 12, 2011 at 08:57:19AM -0800, Scott Garman wrote:
> On 12/12/2011 08:47 AM, Galen Seitz wrote:
> > A total of 3 possible successful probes were detected (the following URLs
> > contain strings that match one or more of a listing of strings that
> > indicate a possible exploit):
> >
> > /?file=../../../../../../proc/self/environ%00 HTTP Response 200
> > /?mod=../../../../../../proc/self/environ%00 HTTP Response 200
> > /?page=../../../../../../proc/self/environ%00 HTTP Response 200
>
> It should be reasonably straightforward to try going to those urls
> yourself and see if it works.
It's even more straightforward to believe the logging is not broken and believe
the 200 response code.
--
Michael Rasmussen, Portland Oregon
Other Adventures: http://www.jamhome.us/ or http://westy.saunter.us/
Fortune Cookie Fortune du jour:
Don't concentrate on going fast, focus on not going slow.
~ Kent Peterson
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
