MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: exploits
From: Eric Weston <[log in to unmask]>
Reply-To:[log in to unmask]
Date:Mon, 22 Sep 2008 12:50:56 -0400
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (19 lines) 


We host a blog, running on B2Evolution (Apache Linux), and I see one
particular expoit attempt in our logs a great deal. It doesn't work
against our blog instance, but since I see this attempted so often, I
figure it either is effective against earlier versions of b2evolution,
or perhaps against some other blog software. I see lots of variations of
it, but they are all GET requests for something like:

our.blog.url/index.php?blog=../../../../../../../etc/passwd 

Sometimes the URL variable name is different, or some other variation. 

Anyone know what blog software is or was vulnerable to this attack?

Also, what are the most common attacks/probes you see against Apache
webservers? I'm making a top five list. (I've read "High Fidelity",
obviously)

             Thanks,
                      E.B.W.

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink


LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager