[RCU] Scripts in /bin: exploitable?

Listas listas at informatica.info
Wed Dec 31 15:06:29 CET 2008


Inspecting my logs, I see that cracker tools are developing an increased
interest in Roundcube. For example, tests for the /bin/msgimport shell
script are common.

I'm not sure if they want the script to attempt abusing it (if server
configuration allows that) or to check for the Roundcube version (other
tools display the CHANGELOG file, in what is obviously an
identification+version probe). In any case, why are those scripts in
'roundcube/bin' instead of being elsewhere, outside of the
web-accessible tree?

Carlos

_______________________________________________
List info: http://lists.roundcube.net/users/



More information about the users mailing list