[kwlug-disc] Identify this exploit?
Paul Nijjar
paul_nijjar at yahoo.ca
Sat Dec 28 01:49:53 EST 2019
In my Apache logs I saw something like this, and my search-engine
skills are weak:
133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
It's pretty obvious what they are trying to do, but I am having
trouble figuring out what the target is, exactly. Is this an exploit
in a popular web package I should know about?
- Paul
--
Get tech event listings: https://off-topic.kwlug.org/watcamp
Blog: http://pnijjar.freeshell.org
More information about the kwlug-disc
mailing list