Directory traversal attack - Printable Version

+- ZenphotoCMS Forum (https://forum.zenphoto.org)
+-- Forum: Support (https://forum.zenphoto.org/forum-1.html)
+--- Forum: General support (https://forum.zenphoto.org/forum-4.html)
+--- Thread: Directory traversal attack (/thread-10664.html)
Directory traversal attack - talkabout - 2012-12-17

Directory traversal attack

search.php?action=search&type=../../../../../../../../../../proc/self/environ&where%5B%5D=keywords&keyword=

index.php has been manipulated by adding - EXAMPLE:

[moderator's note: this message is probably spam, so I have redacted the keyword]

Directory traversal attack - acrylian - 2012-12-17

Which index.php. Theme or root one. Sure your file/folder permissions are correctly set? That change must not be the result of those links. If I try those links on my local server I get a 404 not found error.

Directory traversal attack - sbillard - 2012-12-17

What we seem to have here is a failure to communicate:

The only

If they actually were run independently of the theme load process they would all abort immediately. If they did not abort immediately they still do no processing of URI query parameters, so the above parameters would do nothing.

If somehow you did get to the search engine from those links, the parameters still would be meaningless. We have nowhere an "action" of "search". Search does not make any use of a parameter named "type" nor does it make use of any parameter "keyword" or "keywords".

So perhaps you can elaborate on just what you are trying to say here.

Directory traversal attack - talkabout - 2012-12-18

@acrylian "Which index.php. Theme or root one."

BOTH

Directory traversal attack - acrylian - 2012-12-18

So what about the file/folder permissions, what did setup say on installing? Did you contact your host as he might be of help to find out where that came from?