We host a blog, running on B2Evolution (Apache Linux), and I see one
particular expoit attempt in our logs a great deal. It doesn't work
against our blog instance, but since I see this attempted so often, I
figure it either is effective against earlier versions of b2evolution,
or perhaps against some other blog software. I see lots of variations of
it, but they are all GET requests for something like:
our.blog.url/index.php?blog=../../../../../../../etc/passwd
Sometimes the URL variable name is different, or some other variation.
Anyone know what blog software is or was vulnerable to this attack?
Also, what are the most common attacks/probes you see against Apache
webservers? I'm making a top five list. (I've read "High Fidelity",
obviously)
Thanks,
E.B.W.
