OT, but related -- WAS: [Mailwatch-users] Active Probes heads up
dnsadmin 1bigthink.com
dnsadmin at 1bigthink.com
Fri Feb 27 17:31:52 GMT 2009
Hello All,
Related, but not MailScanner -- from the MailWatch list group:
Hi,
I have noticed lots of web probes for...
/mailwatch/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
/mailwatch-1.0.4/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
/docs.php?doc=../../../../../../../etc/passwd%00
...across a few dozen of our servers last night. They were tied in with the usual web application attacks so I get the feeling these signatures have been added to some script kiddie point and click hacking tool.
If you haven't already removed / patched doc.php, now would be the time!
For those of you unaware of this vulnerability it basically allows you to read any file on the server:
http://secunia.com/Advisories/31994/
Regards
Ian
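
Added example, not part of the original post: a log check for the probe pattern quoted above (a `docs.php` request whose query string carries `../` sequences or a `%00` byte). It assumes common/combined-format access logs, and it goes slightly beyond the quoted requests by also normalising double-encoded input; the function names and the sample entries are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client, request target and status of a common/combined-format log entry.
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f, %2500) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return details of a docs.php traversal probe, or None for other requests."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    if not decode_fully(path).lower().endswith("/docs.php"):
        return None
    query = decode_fully(query).replace("\\", "/")
    traversal, null_byte = "../" in query, "\x00" in query
    if not (traversal or null_byte):
        return None
    # A 200 only shows the script exists on this host; it is the cue to
    # remove or patch it, not proof that a file was disclosed.
    return {"client": m["client"], "path": path, "status": int(m["status"]),
            "traversal": traversal, "null_byte": null_byte,
            "script_present": m["status"] == "200"}

def find_probes(lines):
    """Classify every log line and keep only the probe hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample entries (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2009:03:12:01 +0000] "GET /mailwatch/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00 HTTP/1.1" 404 209',
    '192.0.2.10 - - [27/Feb/2009:03:12:02 +0000] "GET /docs.php?doc=..%252f..%252fetc%252fpasswd%2500 HTTP/1.1" 200 1432',
    '198.51.100.7 - - [27/Feb/2009:03:15:40 +0000] "GET /mailscanner/docs.php?doc=quarantine HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Feb/2009:03:15:41 +0000] "GET /index.php HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Hits with `script_present` set are the hosts to look at first, since the probe reached an installed copy of the script.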
More information about the MailScanner
mailing list