Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: PHP Security
From: "Eduardo Tongson" <propolice () gmail com>
Date: Wed, 19 Mar 2008 08:09:27 +0800
If I understood correctly you mean /XXX is created on the fly.
Probably a variant of the Random JS Toolkit [1].

[1] <http://blog.eonsec.com/2008/01/random-js-toolkit.html>

 -- Ed  <.. _ . . _>

On Tue, Mar 18, 2008 at 7:58 AM, Greg Song <bigrootno1 () gmail com> wrote:

Hi all
 Thesedays I'm analyzing the solarys system that using apache web
 server and php. Of cause it hacked.
 I could not find reason of some situation that the specified directory
 are created over and over(it includes check.js)
 Weblog record as below
 >> xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js
 Some pages can upload the file but it didn't work when I uploaded some php file.
 I'm wondering how it makes some directories.
 Any suggestin,ideas.
 Thanks all

 -------------------------------------------------------------------------
 Sponsored by: Watchfire
 Methodologies & Tools for Web Application Security Assessment
 With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

 https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
 -------------------------------------------------------------------------




-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]