Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange CONNECT entries in apache logs

From: OSCAR <oscar7890 () hotmail com>
Date: Thu, 12 Jun 2003 07:24:11 -0500
On Thursday, Jun 12, 2003, at 04:15 America/Lima, Christine Kronberg wrote: 


21.10.41.230 0 - - [07/Jun/2003:09:32:16 -0500] "GET
/index.php?page=../../../../../../../../../../../../../../../etc/ passwd 
HTTP/1.1" 200 38508


  38508 bytes transferred? What does your server send?
This is what it sends when pasting "/index.php?page=../../../../../../../../../../../../../../../etc/ passwd" 

Seems generic stuff.  Can anybody else try it and see what it gets?

BTW, smmsp and mysql are not enabled/installed on that server.


-O




##
# User Database
#
# Note that this file is consulted when the system is running in single-user # mode. At other times this information is handled by lookupd. By default, # lookupd gets information from NetInfo, so this file will not be consulted 
# unless you have changed lookupd's configuration.
##
nobody:*:-2:-2:Unprivileged User:/nohome:/noshell
root:*:0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1:System Services:/var/root:/noshell
smmsp:*:25:25:Sendmail User:/private/etc/mail:/noshell
www:*:70:70:World Wide Web Server:/Library/WebServer:/noshell
mysql:*:74:74:MySQL Server:/nohome:/noshell
sshd:*:75:75:sshd Privilege separation:/var/empty:/noshell
unknown:*:99:99:Unknown User:/nohome:/noshell



----------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: