because of HTTP Response 302 a safe bet would be to say he didnt get anything still i would recommend you to sanitize the data u get from parameter command and cmd.
Also simply go to the url to see what he saw


On Wed, Feb 12, 2014 at 9:58 PM, Knute Johnson <apache@knutejohnson.com> wrote:
On 2/12/2014 08:04, rahul bhola wrote:
in first and last casehe was checking if it is possible to pass shell
commands throught command or cmd parameter.not sure on second one but it
looks like he was testing for unsanitized url redirection vul.


On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <apache@knutejohnson.com
<mailto:apache@knutejohnson.com>> wrote:

    I found the following in my log this morning.  Does anybody know
    what it really means?  Thanks.

      A total of 3 possible successful probes were detected (the
    following URLs
      contain strings that match one or more of a listing of strings that
      indicate a possible exploit):


    /user.php?caselist[bad_file.__txt][path]=http://www.google.__com/humans.txt?&command=cat%__20/etc/passwd
    <http://www.google.com/humans.txt?&command=cat%20/etc/passwd> HTTP
    Response 302

    /sid=__XXXXXXXXXXXXXXXXXXXXXXXXXXXX&__shopid=http://www.google.com/__humans.txt
    <http://www.google.com/humans.txt>? HTTP Response 302

    /gepi/gestion/savebackup.php?__filename=http://www.google.__com/humans.txt?&cmd=cat/etc/__passwd

    <http://www.google.com/humans.txt?&cmd=cat/etc/passwd> HTTP Response 302


    --

    Knute Johnson

    ------------------------------__------------------------------__---------
    To unsubscribe, e-mail: users-unsubscribe@httpd.__apache.org
    <mailto:users-unsubscribe@httpd.apache.org>

    For additional commands, e-mail: users-help@httpd.apache.org
    <mailto:users-help@httpd.apache.org>





--
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus

So you think he was trying to get the content of my passwd file?  So what would that get him?

Is it possible to do this myself to see what he could have gotten?

Thanks,


--

Knute Johnson

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




--
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus