Security Basics mailing list archives

RE: Strange found in apache error.log


From: "Miguel Dilaj" <Miguel.Dilaj () nccgroup com>
Date: Tue, 6 Dec 2005 08:54:53 -0000

Look for the thread entitled "[Full-disclosure] Bug with .php
extension?" in the full disclosure mailing list.
Files with extension not associated with any filter can be executed as
PHP scripts in Apache.
Don't know if this is your case because I haven't investigated the issue
in depth, but the "an unknown filter was not added" message smells like
this bug.
Cheers,

Miguel


-----Original Message-----
From: kc () mikrobit pl [mailto:kc () mikrobit pl] 
Sent: 04 December 2005 00:40
To: security-basics () securityfocus com
Subject: Strange found in apache error.log

Hi
I found something like this in my apache error.log

[Sat Dec 03 00:16:18 2005] [error] an unknown filter was not added: includes
[Sat Dec 03 00:16:18 2005] [error] an unknown filter was not added: includes
[Sat Dec 03 00:16:18 2005] [error] an unknown filter was not added: includes
[Sat Dec 03 00:32:30 2005] [error] [client 218.156.221.22] client denied by server configuration: /virtual/mikrobit/_http/
[Sat Dec 03 00:34:10 2005] [error] [client 81.219.172.109] client denied by server configuration: /virtual/mikrobit/_http/

Miguel Dilaj
Pen Test Consultant
NCC Group
Manchester Technology Centre,
Oxford Road,
Manchester, M1 7EF
Tel: +44 (0)161 209 5459
Mobile: +44 (0)7811 352 848
Fax: +44 (0)161 209 5400
eMail: Miguel.Dilaj () nccgroup com
website: www.nccgroup.com
