On Wed, Sep 5, 2012 at 6:45 PM, Jason T. Slack-Moehrle <[email protected]> wrote: > CentOS 6, Apache/2.2.15 (Unix) > > I am receiving messages in my Logwatch that state: > > A total of 1 sites probed the server > 210.86.231.xx > > A total of 1 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > > /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n > HTTP Response 200 > > > I tried to copy and paste this URL after the IP of the server and > nothing seemed to happen, my site came up as normal. > > Can anyone explain what they are trying to accomplish? Obviously see > if they can manipulate my /etc/passwd file? >
maybe http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2336 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
