Koozali.org: home of the SME Server

Other Languages => Français => Topic started by: gieres on July 03, 2025, 10:16:32 PM

Title: possible exploit
Post by: gieres on July 03, 2025, 10:16:32 PM
Hello,
I am worried about this daily report:
Code:
A total of 5 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):
 
    /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP Response 200
    /?InternalDir=%5C..%5C..%5C..%5C..%5Cetc&InternalFile=passwd HTTP Response 200
    /?__kubio-site-edit-iframe-preview=1&__kubio-site-edit-iframe-classic-template=../../../../../../../../etc/passwd HTTP Response 200
    /?p=3232&wp_automatic=download&link=file:///etc/passwd HTTP Response 200
    /?UrkCEO/edit&theme=margot&squelette=../../../../../../etc/passwd&style=margot.css HTTP Response 200

Am I wrong?
Thanks in advance.
Title: Re: possible exploit
Post by: Jean-Philippe Pialasse on July 04, 2025, 10:54:29 PM
Find the line in question in your logs.
Try to reproduce them and compare the result, 404 vs 200.
Check whether the ibay in question has PHPBaseDir enabled, and its content.

Hard to say from a report of this type alone.
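
Added example, not part of the original post: one way to do the log check described above, by pulling the flagged requests out of the web server access log and comparing each 200 response with what the front page normally returns. It assumes Apache combined log format; the function names, the sample lines and their byte counts are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
# Strings of the kind the daily report flags: ../ or ..\ traversal, file:// URLs
PROBE_RE = re.compile(r'\.\.[/\\]|file://', re.I)

def parse(line):
    """Return host, target, status and body size for one log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    host, _ts, _method, target, status, size = m.groups()
    return {"host": host, "target": target, "status": int(status),
            "bytes": 0 if size == "-" else int(size)}

def triage(lines, baseline_path="/"):
    """Classify each probe by status and by body size against the plain front page."""
    entries = [e for e in map(parse, lines) if e]
    # Body sizes served for an ordinary, successful request to the front page
    baseline = {e["bytes"] for e in entries
                if e["target"] == baseline_path and e["status"] == 200}
    findings = []
    for e in entries:
        if not PROBE_RE.search(unquote(e["target"])):  # decode %5C etc. first
            continue
        if e["status"] != 200:
            verdict = "rejected"           # 403/404: the request was not served
        elif e["bytes"] in baseline:
            verdict = "ignored-parameter"  # same body as "/": unknown parameter ignored
        else:
            verdict = "review"             # 200 with another body: reproduce and read it
        findings.append((e["target"], e["status"], e["bytes"], verdict))
    return findings

# Constructed sample lines; the targets are taken from the report above
SAMPLE = [
    '192.0.2.10 - - [03/Jul/2025:04:12:01 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Jul/2025:04:12:05 +0200] "GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [03/Jul/2025:04:12:06 +0200] "GET /?InternalDir=%5C..%5C..%5C..%5C..%5Cetc&InternalFile=passwd HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [03/Jul/2025:04:12:07 +0200] "GET /?p=3232&wp_automatic=download&link=file:///etc/passwd HTTP/1.1" 200 1874 "-" "-"',
    '203.0.113.7 - - [03/Jul/2025:04:12:08 +0200] "GET /?__kubio-site-edit-iframe-preview=1&__kubio-site-edit-iframe-classic-template=../../../../../../../../etc/passwd HTTP/1.1" 404 196 "-" "-"',
]

if __name__ == "__main__":
    for target, status, size, verdict in triage(SAMPLE):
        print(f"{verdict:18} {status} {size:>6} {target}")
```

A dynamic front page can vary in size between requests, so "review" only means the response body should be fetched and read, not that a file was disclosed.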

Title: Re: possible exploit
Post by: Jean-Philippe Pialasse on July 05, 2025, 01:04:17 AM
wp plugin vulnerability and so on
https://vulners.com/nuclei/NUCLEI:CVE-2024-12209
https://vulners.com/nuclei/NUCLEI:CVE-2025-2294