CentOS 6, Apache/2.2.15 (Unix)
I am receiving messages in my Logwatch that state:
A total of 1 sites probed the server
210.86.231.xx
A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n
HTTP Response 200
I tried to copy and paste this URL after the IP of the server and
nothing seemed to happen; my site came up as normal.
Can anyone explain what they are trying to accomplish? Obviously, to see
if they can manipulate my /etc/passwd file?
Best,
-Jason
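
For triage of the Logwatch entry above, this added example (not part of the original message) decodes the logged request and lists the PHP command-line switches and ini directives it carries. The `triage` helper and its report fields are hypothetical names, and the token walk is a simplification for log review, not the exact argument list a CGI binary would build.

```python
from urllib.parse import unquote

# Request path copied from the Logwatch report above (one copy of the repeated string).
LOGGED = ("/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D"
          "../../../../../../../../../../../../etc/passwd%00%20-n")

def triage(request):
    """Decode a logged request and report php-cgi style switches in its query."""
    _, _, query = request.partition("?")
    report = {"switch_style": False, "directives": {}, "flags": [], "nul_byte": False}
    # CGI (RFC 3875, section 4.4): a query string with no unencoded '=' is
    # handed to the script as command-line words, so a leading '-' reads as a switch.
    if "=" in query or not query.startswith("-"):
        return report
    report["switch_style"] = True
    decoded = unquote(query.replace("+", " "), encoding="latin-1")
    report["nul_byte"] = "\x00" in decoded           # %00 is used to cut a path short
    tokens = decoded.replace("\x00", "").split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-d" and i + 1 < len(tokens):      # -d name=value: ini override
            name, _, value = tokens[i + 1].partition("=")
            report["directives"][name] = value
            i += 2
        else:
            if tok.startswith("-"):
                report["flags"].append(tok)          # e.g. -n: run without php.ini
            i += 1
    return report

if __name__ == "__main__":
    for key, value in triage(LOGGED).items():
        print(f"{key}: {value}")
    # An ordinary request with a key=value query is not switch-style.
    print(triage("/index.php?page=2")["switch_style"])
```

A server that ignores the query string serves the normal page with a 200 status for this request, which is consistent with what the message reports.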