Mobile app version of vmapp.org
Login or Join
Jennifer507

: What is the purpose of the appserv_root requests? I see a lot of requests for nonexistent php files on my website. They tend to have a querystring like appserv_root=http://www.example.com, using

@Jennifer507

Posted in: #Php #Security

I see a lot of requests for nonexistent php files on my website. They tend to have a querystring like appserv_root=http://www.example.com, using domains with evil-looking php code.

I am pretty confident that this is trying to make use of some php vulnerability or other. So, I am curious:


What vulnerability is this trying to make use of?
How does one protect against this vulnerability?
What in the site configuration would be changed if this vulnerability was successfully exploited?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Jennifer507

1 Comments

Sorted by latest first Latest Oldest Best

 

@Sarah324

Looks like they're trying to do a remote file include attack. Looks like this is the vulnerability they are trying to exploit but I'm not 100% sure of it. I'm guessing you look safe if you're not using that application and/or have register_globals turned off (which you always should).

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme