In the first and last case he was checking if it is possible to pass shell commands through the command or cmd parameter. Not sure on the second one, but it looks like he was testing for an unsanitized URL redirection vulnerability.

On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <[email protected]> wrote:

> I found the following in my log this morning. Does anybody know what it
> really means? Thanks.
>
> A total of 3 possible successful probes were detected (the following URLs
> contain strings that match one or more of a listing of strings that
> indicate a possible exploit):
>
>
> /user.php?caselist[bad_file.txt][path]=http://www.google.
> com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302
>
> /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt?
> HTTP Response 302
>
> /gepi/gestion/savebackup.php?filename=http://www.google.
> com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302
>
>
> --
>
> Knute Johnson

--
Rahul Bhola
B.E. computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus
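
The reading given in the reply above, as an added log-triage example that is not part of the original thread: it takes the three request targets from the quoted report (mail line wraps rejoined) and flags parameters whose value is an external URL and parameters named `command` or `cmd`. The function names and finding labels are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Request targets copied from the quoted log report (line wraps rejoined).
PROBES = [
    "/user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd",
    "/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt?",
    "/gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd",
]

CMD_PARAMS = {"command", "cmd"}  # the parameter names mentioned in the reply
EXTERNAL_URL = re.compile(r"^(?:https?|ftp)://", re.I)


def parameters(target):
    """Yield (name, decoded value) pairs from a request target.

    Splits on both '?' and '&' so that a target with no '?' before its
    first parameter (the second probe) is still parsed.
    """
    for token in re.split(r"[?&]", target):
        if "=" in token:
            name, value = token.split("=", 1)
            yield name.rsplit("/", 1)[-1], unquote(value)


def classify(target):
    """Return sorted (finding, parameter) pairs for one request target."""
    findings = set()
    for name, value in parameters(target):
        if EXTERNAL_URL.match(value):
            # A full URL as a parameter value: the redirection test in the reply.
            findings.add(("external-url-value", name))
        if name.lower() in CMD_PARAMS and value:
            # A command/cmd parameter carrying a value: the shell-command test.
            findings.add(("shell-command-param", name))
    return sorted(findings)


if __name__ == "__main__":
    for target in PROBES:
        print(target)
        for kind, name in classify(target):
            print(f"  {kind}: {name}")
```
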
