Steve Bertrand said the following on 08/26/2009 01:33 AM:
> In this case, OP, look for:
> - directories named as such:
> -- ...
> -- . ..
> -- . .
> -- etc, particularly under:
> -- /var/tmp
> -- /tmp
> -- or anywhere else the [gu]id of the webserver could possibly write to

Thanks for the comments, Steve. This has indeed been the case here:
there was a bunch of files installed by user 'www' (the webserver) in a
directory called ".," in /tmp; the script itself was in /tmp.
Someone has suggested to me that the vulnerability might have been in
the RoundCube webmail package which I had installed:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0413
"Cross-site scripting (XSS) vulnerability in RoundCube Webmail
(roundcubemail) 0.2 stable allows remote attackers to inject arbitrary
web script or HTML via the background attribute embedded in an HTML
e-mail message."
--
Colin Brace
Amsterdam
http://www.lim.nl
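
The check described in this thread, as an added example that is not part of either poster's message: a heuristic scan for directories with disguised names ("...", ". ..", ".,") owned by the web server account. The function names, the naming heuristic, and the defaults (user `www`, roots /tmp and /var/tmp, taken from the thread) are assumptions of this sketch.

```python
import os
import pwd
import re
import sys

# Heuristic (assumption of this example): a directory name is suspicious if it
# has no letters or digits ("...", ". ..", ".,"), starts with dots followed by
# whitespace, or has leading/trailing whitespace.
_DOTS_THEN_SPACE = re.compile(r"^\.+\s")


def is_disguised(name):
    if name in (".", ".."):
        return False
    if not any(ch.isalnum() for ch in name):
        return True
    return bool(_DOTS_THEN_SPACE.match(name)) or name != name.strip()


def scan(roots, uid=None):
    """Return paths of disguised directories under roots; if uid is given,
    only those owned by that uid (e.g. the web server account)."""
    hits = []
    for root in roots:
        # os.walk skips unreadable subtrees by default; symlinks are not followed
        for dirpath, dirnames, _files in os.walk(root):
            for name in dirnames:
                if not is_disguised(name):
                    continue
                full = os.path.join(dirpath, name)
                try:
                    owner = os.lstat(full).st_uid
                except OSError:
                    continue  # removed while we were scanning
                if uid is None or owner == uid:
                    hits.append(full)
    return sorted(hits)


if __name__ == "__main__":
    # Usage: scan.py [user] [root ...]; defaults follow the thread above.
    user = sys.argv[1] if len(sys.argv) > 1 else "www"
    roots = sys.argv[2:] or ["/tmp", "/var/tmp"]
    for path in scan(roots, pwd.getpwnam(user).pw_uid):
        print(repr(path))  # repr() makes embedded spaces visible
```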