Did you try it yourself? On Dec 14, 2011 1:50 PM, "Knute Johnson" <apa...@knutejohnson.com> wrote:
> This showed up in my log today on a Ubuntu server with Apache 2.2.17. > > A total of 3 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > /?file=../../../../../../proc/**self/environ%00 HTTP Response 200 > /?mod=../../../../../../proc/**self/environ%00 HTTP Response 200 > /?page=../../../../../../proc/**self/environ%00 HTTP Response 200 > > This can't actually return any data can it? > > Thanks, > > knute... > > ------------------------------**------------------------------**--------- > The official User-To-User support forum of the Apache HTTP Server Project. > See > <URL:http://httpd.apache.org/**userslist.html<http://httpd.apache.org/userslist.html>> > for more info. > To unsubscribe, e-mail: > users-unsubscribe@httpd.**apache.org<users-unsubscr...@httpd.apache.org> > " from the digest: > users-digest-unsubscribe@**httpd.apache.org<users-digest-unsubscr...@httpd.apache.org> > For additional commands, e-mail: users-h...@httpd.apache.org > >
