Slurp Vulnerability Testing/DB Exploitation?


moreIdeas

4:13 am on Feb 13, 2006 (gmt 0)

10+ Year Member



I'm performing the daily ritualistic review of logfiles and am surprised to see Slurp performing something that appears to be parameter manipulation of this website's URL, e.g. somefile.php?tag1=echo /etc/.
It's possible Slurp has discovered a flawed parameter via some scripting or db error, but this path is used nowhere on the site.
So it made me wonder. Is Yahoo attempting to gather this private information? Probably not, but a scary thought.

abates

12:31 am on Feb 14, 2006 (gmt 0)

10+ Year Member



A couple of possibilities:

1. It's not Slurp at all but someone setting their user agent (did it come from Yahoo's IPs?)

2. Another site has linked to somefile.php?tag1=echo /etc/ and Slurp is merely following the link. Searching for your domain name might locate the culprit?
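The first possibility in the reply above (a spoofed user agent) can be checked from the access log with forward-confirmed reverse DNS. This is an added example, not part of the original posts: the `.crawl.yahoo.net` suffix is an assumption about how genuine Slurp hosts are named, and the log lines, IPs (documentation ranges) and hostnames are constructed.

```python
import re
import socket

# Assumption: genuine Slurp hosts have PTR records under this domain.
CRAWLER_SUFFIXES = (".crawl.yahoo.net",)
# Apache/NCSA "combined" log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def dns_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def dns_forward(host):
    return socket.gethostbyname_ex(host)[2]

def is_genuine_crawler(ip, reverse=dns_reverse, forward=dns_forward):
    """The PTR name must sit in the crawler's domain AND resolve back to the
    same IP; a PTR record alone is set by whoever controls the address block."""
    try:
        host = reverse(ip).rstrip(".").lower()
        return host.endswith(CRAWLER_SUFFIXES) and ip in forward(host)
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return False

def classify(lines, reverse=dns_reverse, forward=dns_forward):
    """Return (ip, request, verdict) for every hit whose UA claims Slurp."""
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and "slurp" in m["ua"].lower():
            ok = is_genuine_crawler(m["ip"], reverse, forward)
            out.append((m["ip"], m["req"], "verified" if ok else "spoofed"))
    return out

# Constructed sample data so the example runs offline.
UA = "Mozilla/5.0 (compatible; Yahoo! Slurp)"
REQ = "GET /somefile.php?tag1=echo%20/etc/ HTTP/1.0"
STAMP = "[13/Feb/2006:04:13:00 +0000]"
SAMPLE_LOG = [f'{ip} - - {STAMP} "{REQ}" 200 512 "-" "{ua}"' for ip, ua in [
    ("192.0.2.10", UA), ("198.51.100.7", UA), ("203.0.113.5", UA),
    ("198.51.100.8", "Mozilla/4.0 (compatible; MSIE 6.0)")]]
FAKE_PTR = {"192.0.2.10": "a1.crawl.yahoo.net",    # PTR and A agree
            "198.51.100.7": "host.example.net",    # PTR outside the domain
            "203.0.113.5": "fake.crawl.yahoo.net"} # forged PTR, A disagrees
FAKE_A = {"a1.crawl.yahoo.net": ["192.0.2.10"],
          "fake.crawl.yahoo.net": ["192.0.2.99"]}

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG, FAKE_PTR.__getitem__, FAKE_A.__getitem__):
        print(row)
```

Called without the resolver arguments, `classify` performs live DNS lookups. A "verified" hit on a URL the site never published points to the second possibility, an external link the crawler followed.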