[Dshield] Webcal Exploit?

Frank Knobbe frank at knobbe.us
Tue Feb 7 15:49:59 GMT 2006


On Tue, 2006-02-07 at 06:51 -0500, George A. Theall wrote:
> As I'm sure you're aware, this rule is a general one for PHP code
> injection, not a check for this specific vulnerability. 

Yup, noticed that when looking up the BID which is specific to WebCal.
Thus we didn't add the BID reference to the rule. It will detect such
exploit attempts though (and a gazillion more... the amount of web apps
vulnerable to php inclusion is rather high).

Cheers,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20060207/c4179ba4/attachment.bin


More information about the list mailing list