-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As I'm not so aware could someone be so kind to help me with a forensic
analysis? I also still do not know which program (propably any php-stuff)
was/is vulnerable.
All I've found so far where these entries in my apache2 error-log.
http://jesusch.de/~jesusch/tmp/error.log
You should check your access logs for entries around Sun Oct 29 20:12:34
2006 to see which requests were done. The vulnerable script is probably in
there with a long url with request parameters containting another url.
- --
- -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFTvw2VYan35+NCKcRAhzbAKCjD8q5FmORHkwha8DINPrPGs+dcQCeIo5V
yvLamaNolw/ES0y6CzKNQnY=
=BL7J
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
