What's with the accesses to $random_existing_file/cache/df.php?
Posted
by
Bernd Jendrissek
on Server Fault
See other posts from Server Fault
or by Bernd Jendrissek
Published on 2012-12-02T01:55:52Z
Indexed on
2012/12/02
5:07 UTC
Read the original article
Hit count: 483
vulnerabilities
Occasionally I eyeball Apache's access_log and lately I've been noticing these accesses to URLs that I don't serve. They're correctly 404'ed, but I'd like to know just who and what is involved here. "Obviously" it's some sort of vulnerability probing; I'd like to know which. (Not that it affects me, but I like to know the score.) Here's an example:
69.89.31.206 - - [28/Nov/2012:17:36:34 +0200] "GET /cvfull.pdf/cache/df.php HTTP/1.1" 404 489 "-" "-"
Oddly, all 26 attempts are to either /cache/df.php
, or to /cvfull.pdf/cache/df.php
- they come in pairs. A few weeks ago it was zx.php
, now it's df.php
- I'm assuming the target is the same.
Perhaps I should be flattered that a script is thinking of hiring me. Seriously, my CV is one of only two PDF files on my site, so I can only guess that non-PDF URLs aren't interesting?
I've tried Googling for "cache df php", but my Google-fu is weak at the best of times, so I can only find a few reports of other script attacks. What's the vulnerability being scanned for here?
© Server Fault or respective owner