On Thursday, Jun 12, 2003, at 04:15 America/Lima, Christine Kronberg wrote:

>> 21.10.41.230 0 - - [07/Jun/2003:09:32:16 -0500] "GET
>> /index.php?page=../../../../../../../../../../../../../../../etc/
>> passwd
>> HTTP/1.1" 200 38508
>
> 38508 bytes transferred? What does your server send?
>

This is what it sends when pasting
"/index.php?page=../../../../../../../../../../../../../../../etc/passwd"

Seems generic stuff. Can anybody else try it and see what it gets?

BTW, smmsp and mysql are not enabled/installed on that server.

-O

##
# User Database
#
# Note that this file is consulted when the system is running in single-user
# mode. At other times this information is handled by lookupd. By default,
# lookupd gets information from NetInfo, so this file will not be consulted
# unless you have changed lookupd's configuration.
##
nobody:*:-2:-2:Unprivileged User:/nohome:/noshell
root:*:0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1:System Services:/var/root:/noshell
smmsp:*:25:25:Sendmail User:/private/etc/mail:/noshell
www:*:70:70:World Wide Web Server:/Library/WebServer:/noshell
mysql:*:74:74:MySQL Server:/nohome:/noshell
sshd:*:75:75:sshd Privilege separation:/var/empty:/noshell
unknown:*:99:99:Unknown User:/nohome:/noshell
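
A defender-side check for the log entry quoted in the message above, as an added example that is not part of the original post: it scans access-log lines in that format for `..` segments in query values and marks the ones the server answered with a 2xx status. The second and third sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# First line is the entry quoted in the message; the other two are constructed.
SAMPLE_LOG = [
    '21.10.41.230 0 - - [07/Jun/2003:09:32:16 -0500] "GET /index.php?page=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 38508',
    '192.0.2.7 0 - - [07/Jun/2003:09:33:02 -0500] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 312',
    '192.0.2.9 0 - - [07/Jun/2003:09:34:40 -0500] "GET /index.php?page=news HTTP/1.1" 200 5120',
]

# client, any extra fields, [time], "METHOD target HTTP/x", status, bytes
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?\[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .), bounded to 'rounds'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    return '..' in re.split(r'[/\\]+', fully_unquote(value))

def scan(lines):
    """Return one finding per request whose query value carries a '..' segment."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        query = urlsplit(m['target']).query
        params = [k for k, v in parse_qsl(query, keep_blank_values=True)
                  if has_traversal(v)]
        if params:
            status = int(m['status'])
            findings.append({
                'client': m['client'], 'time': m['time'], 'params': params,
                'status': status, 'size': m['size'],
                # 2xx means the server answered: check what the body contained
                'served': 200 <= status < 300,
            })
    return findings
```

Entries with `served` set to true are the ones to review first, comparing the logged byte count against the size of the page the script normally returns.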
This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 10:45:13 PDT