<div dir="ltr"><div>It looks like a path traversal attack: <a href="https://www.geeksforgeeks.org/path-traversal-attack-prevention/">https://www.geeksforgeeks.org/path-traversal-attack-prevention/</a></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 28 Dec 2019 at 01:50, Paul Nijjar via kwlug-disc &lt;<a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">In my Apache logs I saw something like this, and my search-engine<br>
skills are weak: <br>
<br>
133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" <br>
<br>
It's pretty obvious what they are trying to do, but I am having<br>
trouble figuring out what the target is, exactly. Is this an exploit<br>
in a popular web package I should know about?<br>
<br>
- Paul<br>
<br>
-- <br>
Get tech event listings: <a href="https://off-topic.kwlug.org/watcamp" rel="noreferrer" target="_blank">https://off-topic.kwlug.org/watcamp</a><br>
Blog: <a href="http://pnijjar.freeshell.org" rel="noreferrer" target="_blank">http://pnijjar.freeshell.org</a><br>
<br>
</blockquote></div>
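<div>An added example, not part of the original thread: one way to flag requests like the one quoted above in an Apache combined-format access log, including percent-encoded variants, and to separate probes that got an error from ones the server answered with content. The function names and the second and third sample lines are constructed for illustration.</div>

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A ".." path segment bounded by "/" or "\" (or by the start/end of the value)
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# First line is the one quoted in the thread; the other two are constructed samples.
SAMPLE_LINES = [
    '133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"',
    '192.0.2.10 - - [27/Dec/2019:04:11:15 -0500] "GET /download.php?file=report..final.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Dec/2019:04:12:02 -0500] "GET /download.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532 "-" "curl/7.58.0"',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots/slashes are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_hit(line):
    """Return details of a traversal attempt found in one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    suspects = []
    if DOTDOT_RE.search(fully_decode(path)):
        suspects.append(("<path>", path))
    for name, value in parse_qsl(query, keep_blank_values=True):
        if DOTDOT_RE.search(fully_decode(value)):
            suspects.append((name, value))
    if not suspects:
        return None
    status = int(m.group("status"))
    # "served" is True for 2xx: the server returned content, so check what it was
    return {"host": m.group("host"), "time": m.group("time"), "status": status,
            "params": suspects, "served": 200 <= status < 300}

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(traversal_hit(line))
```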