Banshee version: 3.5
Webserver: Hiawatha 8.5
Operating System: Ubuntu Server 12.04 LTS (updated to latest state)
Hi Hugo,
The following was found in the access.log, and it seems that an attacker wants to do something like Remote File Inclusion on my server.
My Ubuntu server has AppArmor implemented and access to the /etc/passwd directory is restricted.
In addition, I also implemented DenyBody for Null Byte on my Virtual Host.
So, the error code for the attacker will be 403.
41.142.250.200 - - [28/Oct/2012:23:35:15 +0800] "POST /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 403 849 "-" "Mozilla/5.0"
My CMS is Banshee 3.5. I wonder whether Banshee 3.5 has a Remote File Inclusion vulnerability or not.
Thank you.
Samiux
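
The log entry quoted in the post, once URL-decoded, has a query string that starts with `-d` switches setting `allow_url_include` and `auto_prepend_file`, followed by a traversal path and a null byte. The following is an added example, not part of the original post and not Banshee or Hiawatha code: a small access-log triage script that flags those indicators and records whether the server refused the request. The function names, the indicator names and the second sample line are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Common/combined log format: client, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Indicators checked against the URL-decoded query string.
CHECKS = {
    "option_injection": re.compile(r"^-[A-Za-z]\s"),  # query begins like a CLI switch
    "php_ini_override": re.compile(r"(allow_url_include|auto_prepend_file)\s*=", re.I),
    "path_traversal": re.compile(r"(\.\./){2,}"),
    "null_byte": re.compile(r"\x00"),
}

def inspect(line):
    """Return a finding dict for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, method, target, status = m.groups()
    query = unquote_plus(target.partition("?")[2])
    hits = sorted(name for name, rx in CHECKS.items() if rx.search(query))
    # 4xx/5xx: the request was not served normally, like the 403 in the post.
    return {"ip": ip, "method": method, "status": int(status),
            "hits": hits, "blocked": int(status) >= 400}

def triage(lines):
    """Keep only parsed lines with at least one indicator."""
    return [f for f in map(inspect, lines) if f and f["hits"]]

# Request from the post's log line, rebuilt from its repeated parts.
_PAYLOAD = ("-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D"
            + "../" * 12 + "etc/passwd%00%20-n")
SAMPLE_LINES = [
    '41.142.250.200 - - [28/Oct/2012:23:35:15 +0800] "POST /?' + _PAYLOAD + "/?"
    + _PAYLOAD + ' HTTP/1.1" 403 849 "-" "Mozilla/5.0"',
    # Constructed benign request for contrast (documentation IP range).
    '192.0.2.10 - - [28/Oct/2012:23:36:02 +0800] "GET /?page=news&id=12 HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

A finding whose `blocked` field is false is the one to investigate first, since the server answered it normally.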