[kwlug-disc] Identify this exploit?

CrankyOldBugger crankyoldbugger at gmail.com
Sat Dec 28 09:17:22 EST 2019


It looks like a path traversal attack:
https://www.geeksforgeeks.org/path-traversal-attack-prevention/


On Sat, 28 Dec 2019 at 01:50, Paul Nijjar via kwlug-disc <
kwlug-disc at kwlug.org> wrote:

> In my Apache logs I saw something like this, and my search-engine
> skills are weak:
>
> 133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET
> /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1"
> 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0)
> Gecko/20100101 Firefox/62.0"
>
> It's pretty obvious what they are trying to do, but I am having
> trouble figuring out what the target is, exactly. Is this an exploit
> in a popular web package I should know about?
>
> - Paul
>
> --
> Get tech event listings: https://off-topic.kwlug.org/watcamp
> Blog: http://pnijjar.freeshell.org
>
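
The request quoted above, run through a small log scanner. This is an added example, not part of the original thread: the first sample line is the one from the post (rejoined onto one line), the other two are constructed, and the function names are this example's own. It reports which parameter carried the `../` sequence, which file was being requested, and whether the status code says anything was served.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A ".." segment bounded by "/" or "\" (or the start/end of the value).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Line 1 is from the post; lines 2 and 3 are constructed for this example.
SAMPLE_LOG = [
    '133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"',
    '203.0.113.7 - - [27/Dec/2019:04:10:02 -0500] "GET /download.php?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1432 "-" "curl/7.58.0"',
    '192.0.2.10 - - [27/Dec/2019:04:11:15 -0500] "GET /download.php?file=report..final.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings of ../ are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(line):
    """Return a dict describing a traversal attempt in one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    candidates = [("path", parts.path)] + parse_qsl(parts.query, keep_blank_values=True)
    for name, raw in candidates:
        value = fully_decode(raw)
        if TRAVERSAL_RE.search(value):
            # Collapse the leading ../ run to show which file was asked for.
            wanted = re.sub(r'^(?:\.\.[\\/])+', '/', value)
            return {"ip": m.group("ip"), "script": parts.path, "param": name,
                    "wanted": wanted, "status": int(m.group("status")),
                    "served": m.group("status").startswith("2")}
    return None

def scan(lines):
    return [hit for hit in map(find_traversal, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

For the line from the post, `served` is False: the 404 means there was no /download.php on that server to answer the request.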