[Dshield] Re: Unusual log activity - any ideas?
Johannes B. Ullrich
jullrich at sans.org
Thu May 2 12:39:03 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
> 217.81.xxx.xxx - - [11/Apr/2002:20:35:35 +0000] "GET /cgi-bin/phf?Qalias
> =%0A/bin/cat%20/etc/passwd HTTP/1.0" 404 205 "-" "-"
Hm. didn't realize that this is still used. definitly part of the
'oldies but goodies' category.
'phf' is a sample cgi script, which came with very early versions
of Apache. Essentially, it was a demo to show how to execute
arbitrary shell commands using cgi.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the list