On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <apa...@knutejohnson.com>wrote:
> This showed up in my log today on a Ubuntu server with Apache 2.2.17. > > A total of 3 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > /?file=../../../../../../proc/**self/environ%00 HTTP Response 200 > /?mod=../../../../../../proc/**self/environ%00 HTTP Response 200 > /?page=../../../../../../proc/**self/environ%00 HTTP Response 200 > > This can't actually return any data can it? > It should not return any data from Apache itself. It will do something if you have an application set up that chooses what file to display based on the query string. - Y
