Re: Strange CONNECT entries in apache logs

From: OSCAR (oscar7890_at_hotmail.com)
Date: 06/12/03

    Date: Thu, 12 Jun 2003 07:24:11 -0500
    To: incidents@securityfocus.com
    
    

    On Thursday, Jun 12, 2003, at 04:15 America/Lima, Christine Kronberg wrote:

    >> 21.10.41.230 0 - - [07/Jun/2003:09:32:16 -0500] "GET /index.php?page=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 38508
    >
    > 38508 bytes transferred? What does your server send?
    >

    This is what it sends when pasting
    "/index.php?page=../../../../../../../../../../../../../../../etc/passwd"

    Seems generic stuff. Can anybody else try it and see what it gets?

    BTW, smmsp and mysql are not enabled/installed on that server.

    -O

    ##
    # User Database
    #
    # Note that this file is consulted when the system is running in single-user
    # mode. At other times this information is handled by lookupd. By default,
    # lookupd gets information from NetInfo, so this file will not be consulted
    # unless you have changed lookupd's configuration.
    ##
    nobody:*:-2:-2:Unprivileged User:/nohome:/noshell
    root:*:0:0:System Administrator:/var/root:/bin/tcsh
    daemon:*:1:1:System Services:/var/root:/noshell
    smmsp:*:25:25:Sendmail User:/private/etc/mail:/noshell
    www:*:70:70:World Wide Web Server:/Library/WebServer:/noshell
    mysql:*:74:74:MySQL Server:/nohome:/noshell
    sshd:*:75:75:sshd Privilege separation:/var/empty:/noshell
    unknown:*:99:99:Unknown User:/nohome:/noshell
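
Added example, not part of the original post: a Python triage pass over access-log lines like the one quoted in this thread, separating traversal requests the server answered with a body (2xx, non-zero size) from those it rejected. The regexes, function names, verdict labels and the second and third sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client, then any extra fields (the quoted log has a "0" after the address),
# then [timestamp] "METHOD target PROTO" status size.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
# A ".." path segment bounded by a separator, "=" or the ends of the string.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=])\.\.(?:[/\\]|$)')


def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%2e%2e%2f, %252e...)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return None for non-traversal lines, else a dict with a verdict."""
    m = LINE_RE.match(line.strip())
    if not m or not TRAVERSAL_RE.search(decode_fully(m["target"])):
        return None
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    # A 2xx with a body only shows that content was returned; what the
    # application actually sent still has to be checked on the server.
    served = 200 <= status < 300 and size > 0
    return {"client": m["client"], "status": status, "size": size,
            "verdict": "served-review-body" if served else "rejected"}


SAMPLE_LOG = [
    # First line is the entry quoted in the thread; the other two are constructed.
    '21.10.41.230 0 - - [07/Jun/2003:09:32:16 -0500] "GET /index.php?page='
    '../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 38508',
    '192.0.2.10 - - [07/Jun/2003:09:33:01 -0500] '
    '"GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 291',
    '192.0.2.11 - - [07/Jun/2003:09:34:40 -0500] "GET /index.php?page=news HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```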
