Could the "thief" have used a POST while you used a GET? (Pure speculation - I did not check the source files.)
On Thursday, January 9, 2014 10:25:27 PM UTC-5, Craig Small wrote: > > I got a strange message in my mail today. > It was a paste error message saying that the site had died when > someone accessed it. That's not too strange. > > But what is strange was they were trying a Joomla exploit on it. > http://www.joomlacontenteditor.net/news/item/jce-21-released > It's the third one, the upload chunking support. > > I tried the same url and it just said it didn't like my input, which > is what I'd expect to see because I use the validator. The worry is this > thing did get past the validator, but why? > > The exploit wouldn't work as it relies on a PHP exploit which is a bit > hard to do in python, but I'm just confused why I got any exception > at all. > > The error message was a little worrying too. > File "BLAH/lib/python2.7/site-packages/webob/request.py", line 1521, in > readinto > data = self.file.read(sz0) > IOError: request data read error > > What file was trying to be read? > > - Craig > PS, at least he's an "honest theif" > HTTP_USER_AGENT: BOT/0.1 (BOT for JCE) > -- > Craig Small (@smallsees) http://enc.com.au/ csmall at : enc.com.au > Debian GNU/Linux http://www.debian.org/ csmall at : debian.org > GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5 > -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/turbogears. For more options, visit https://groups.google.com/groups/opt_out.
