httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] URL Requests being use to probe my server
Date Wed, 05 Sep 2012 22:51:43 GMT
On Wed, Sep 5, 2012 at 6:45 PM, Jason T. Slack-Moehrle
<slackmoehrle@gmail.com> wrote:
> CentOS 6, Apache/2.2.15 (Unix)
>
> I am receiving messages in my Logwatch that state:
>
>  A total of 1 sites probed the server
>     210.86.231.xx
>
>  A total of 1 possible successful probes were detected (the following URLs
>  contain strings that match one or more of a listing of strings that
>  indicate a possible exploit):
>
>     /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n
> HTTP Response 200
>
>
> I tried to copy and paste this URL after the IP of the server and
> nothing seemed to happen, my site came up as normal.
>
> Can anyone explain what they are trying to accomplish? Obviously see
> if they can manipulate my /etc/passwd file?
>

maybe http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2336

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message