[kwlug-disc] Identify this exploit?

Paul Nijjar paul_nijjar at yahoo.ca
Sat Dec 28 01:49:53 EST 2019


In my Apache logs I saw something like this, and my search-engine
skills are weak: 

133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 

It's pretty obvious what they are trying to do, but I am having
trouble figuring out what the target is, exactly. Is this an exploit
in a popular web package I should know about?

- Paul

-- 
Get tech event listings: https://off-topic.kwlug.org/watcamp
Blog: http://pnijjar.freeshell.org
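Added example, not part of the original post: one way to flag requests like the one quoted above when reviewing Apache combined-format logs. It goes slightly beyond the quoted case by also decoding nested percent-encoding. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A ".." path segment bounded by a separator or by the ends of the value.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(line):
    """Return details of the first query parameter carrying '..' segments, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already decoded one layer
        if TRAVERSAL_RE.search(value):
            return {"host": m["host"], "path": parts.path, "param": name,
                    "value": value, "status": int(m["status"])}
    return None

SAMPLE_LINES = [
    # From the post above.
    '133.18.209.124 - - [27/Dec/2019:04:09:39 -0500] "GET /download.php?file=../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"',
    # Constructed: same idea, double percent-encoded.
    '198.51.100.7 - - [27/Dec/2019:04:10:02 -0500] "GET /view?page=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 404 209 "-" "curl/7.58.0"',
    # Constructed: benign request whose file name merely contains two dots.
    '192.0.2.10 - - [27/Dec/2019:04:11:15 -0500] "GET /download.php?file=report..2019.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        hit = find_traversal(line)
        if hit:
            # A 2xx status on a hit deserves attention first: the file may have been served.
            print(hit["status"], hit["host"], hit["path"], hit["param"], hit["value"])
```

A 404 on a hit, as in the quoted line, means the requested script does not exist on the server.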



