Re: help needed

To: debian-security@lists.debian.org
Subject: Re: help needed
From: Arthur de Jong <adejong@debian.org>
Date: Mon, 6 Nov 2006 10:11:16 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.62.0611061006240.2356@bobo.thuis.net>
In-reply-to: <[🔎] 454EF573.8090603@boschman.de>
References: <[🔎] 454EF573.8090603@boschman.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As I'm not so aware could someone be so kind to help me with a forensicanalysis? I also still do not know which program (propably any php-stuff)was/is vulnerable.
All I've found so far where these entries in my apache2 error-log.

http://jesusch.de/~jesusch/tmp/error.log

You should check your access logs for entries around Sun Oct 29 20:12:342006 to see which requests were done. The vulnerable script is probably inthere with a long url with request parameters containting another url.

- --- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFTvw2VYan35+NCKcRAhzbAKCjD8q5FmORHkwha8DINPrPGs+dcQCeIo5V
yvLamaNolw/ES0y6CzKNQnY=
=BL7J
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: help needed
  - From: Bjoern Boschman <bjoern@boschman.de>

References:
- help needed
  - From: Bjoern Boschman <bjoern@boschman.de>

Prev by Date: help needed
Next by Date: Re: Register
Previous by thread: help needed
Next by thread: Re: help needed
Index(es):
- Date
- Thread