I'm guessing it might be trying a probe against a content management
system that has a hole in it (e.g., Wordpress has been known to leak
information in the past).
Clearly some security scanner wrote those entries in your log file. If
you have something checking for that kind of exploit, you might want to
look at its documentation for details. (And report back!)
Issac Goldstand wrote:
not sure what it thinks its matching but both of those urls will
return 200 with the homepage on a static site...
Sent from my mobile. Please excuse any typos, spelling or other
weirdness.
Sent with AquaMail for Android
http://www.aqua-mail.com
On November 19, 2012 4:39:58 AM Knute Johnson
<[email protected]> wrote:
A total of 2 possible successful probes were detected (the following
URLs contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/?mod=../../../../../../../../proc/self/environ%00 HTTP Response
200
/?page=../../../../../../../../proc/self/environ%00 HTTP
Response 200
Above showed up in my log this morning. Anybody know what the exploit
could be and how one can prevent this?
Thanks,
knute...
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
