Monday, September 24, 2012

Re: spam scripts on vim.org

I wrote:

> Doak wrote:
>
> > > Is there no moderation for this? In any case they do appear to be
> > > spam. They are all by the same user, posted in quick succession on the
> > > same day, and the package files are all JPGs.
> >
> > With some strange content?
> > ------------------------------------------------
> > 00000000 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 |......JFIF.....H|
> > 00000010 00 48 00 00 ff fe 00 32 3c 3f 70 68 70 20 65 63 |.H.....2<?php ec|
> > 00000020 68 6f 28 6d 64 35 28 27 61 63 75 6e 65 74 69 78 |ho(md5('acunetix|
> > 00000030 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 2d 74 65 73 |-file-upload-tes|
> > 00000040 74 27 29 29 3b 20 3f 3e ff db 00 43 00 05 03 04 |t')); ?>...C....|
> > 00000050 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 |................|
> > 00000060 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 |................|
> > ------------------------------------------------
> >
> > I don't know much about JPEG, but imho this is not regular content, is it?
>
> Looks like someone trying out if injecting PHP through an image works.
> Perhaps someone familiar with PHP vulnerabilities knows what is going
> on? Could be related to an SQL injection as well.

Note that searching for acunetix-file-upload-test returns some
interesting hints.

--
An indication you must be a manager:
You can explain to somebody the difference between "re-engineering",
"down-sizing", "right-sizing", and "firing people's asses".

/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
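The dump quoted above is a JFIF header (SOI, then APP0 with the `JFIF` tag) followed by a COM segment (marker `ff fe`, length `00 32`) whose 48 bytes are a PHP tag, then the start of a DQT segment (`ff db`). A JPEG decoder ignores COM and APPn payloads, so the file still looks like a picture, which is why upload checks that only validate the image header miss it. The script below is an added example, not something posted in the thread or part of vim.org: it walks the JPEG marker segments, checks the free-form ones (COM, APP0..APP15) for server-side code tags, and reports the segment and offset. The sample files are constructed here (the comment bytes are the ones in the dump; the DQT table is zero-filled and the file has no scan data), so the suspect sample is a header, not a renderable image.

```python
import struct

# JPEG marker codes (the byte that follows the 0xFF prefix)
SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
APP_RANGE = range(0xE0, 0xF0)            # APP0..APP15 (JFIF, Exif, ICC, ...)
# Segments whose payload is free-form bytes that the uploader controls
FREEFORM = {COM} | set(APP_RANGE)
# Strings that have no business inside image metadata
CODE_SIGNATURES = (b"<?php", b"<?=", b"<script", b"<%")


def iter_segments(data):
    """Yield (marker, offset, payload) for every marker segment that precedes
    the entropy-coded scan data (SOS) or the end-of-image marker (EOI)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset 0x{pos:x}")
        marker = data[pos + 1]
        if marker == 0xFF:               # fill byte; skip it and re-read
            pos += 1
            continue
        if marker in (SOS, EOI):         # no metadata segments follow these
            return
        if pos + 4 > len(data):
            raise ValueError(f"truncated segment header at offset 0x{pos:x}")
        # The 16-bit big-endian length counts itself but not the marker bytes
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        if length < 2 or len(payload) != length - 2:
            raise ValueError(f"truncated segment 0x{marker:02x} at offset 0x{pos:x}")
        yield marker, pos, payload
        pos += 2 + length


def segment_name(marker):
    if marker == COM:
        return "COM"
    if marker in APP_RANGE:
        return f"APP{marker - 0xE0}"
    return f"0x{marker:02X}"


def find_embedded_code(data):
    """Return [(segment_name, offset, snippet)] for every free-form segment whose
    bytes contain a code signature. An empty list means nothing was flagged."""
    findings = []
    for marker, offset, payload in iter_segments(data):
        if marker not in FREEFORM:
            continue
        lowered = payload.lower()
        for sig in CODE_SIGNATURES:
            i = lowered.find(sig)
            if i != -1:
                snippet = payload[i:i + 48].decode("latin-1")
                findings.append((segment_name(marker), offset, snippet))
                break
    return findings


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample(comment):
    """Constructed minimal JPEG: SOI, JFIF APP0, a COM segment holding `comment`,
    an all-zero DQT, then EOI. Header only; it is not a renderable image."""
    jfif = b"JFIF\x00\x01\x01\x01\x00\x48\x00\x48\x00\x00"   # 14 bytes -> length 0x0010
    dqt = b"\x00" + bytes(64)                                 # 65 bytes -> length 0x0043
    return (b"\xff\xd8" + _segment(0xE0, jfif) + _segment(COM, comment)
            + _segment(0xDB, dqt) + b"\xff\xd9")


# The COM payload decoded from the hex dump quoted in the thread
PHP_COMMENT = b"<?php echo(md5('acunetix-file-upload-test')); ?>"
SUSPECT = build_sample(PHP_COMMENT)
CLEAN = build_sample(b"Created with an ordinary image editor")   # constructed benign comment

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, find_embedded_code(blob) or "no code signatures found")
```

Run on the suspect sample this reports `('COM', 20, "<?php echo(md5('acunetix-file-upload-test')); ?>")`, offset 0x14 being exactly where `ff fe` sits in the dump, and nothing for the clean sample. A signature scan like this is a cheap triage step for an upload queue; an upload handler that actually serves the files should additionally re-encode images through a decoder and store them under a name and path that the web server never hands to a script interpreter, since the payload only matters if something executes the file as PHP.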
