Full Disclosure mailing list archives

Re: New PHP-Attack Vector ?


From: Michael Baker <michael () prattlecorp com>
Date: Tue, 15 Apr 2014 00:20:57 -0400

Seems to be a shopping cart software.  A quick dork for that URI yields a
lot of results that seem to be susceptible to various well-known attack
vectors via a couple of quick (& harmless) manual checks.

- Mike


On Mon, Apr 14, 2014 at 5:29 PM, Thomas Lußnig <lussnig () suche org> wrote:

In the last few days I see more and more scans for a new PHP URL
"/phpTest/zologize/axa.php" I have never seen before on the server.
I think this can be a preparation for a new attack. Is there anything
known about this URL and possible defects?

Information: No header is sent with the request and no query parameter
is sent.

IPs that scanned the URL:


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
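
The scan pattern described in the thread (requests for "/phpTest/zologize/axa.php" with no query parameter and no headers) can be pulled out of a web server access log per source address. The following is an added example, not code from either poster; it assumes the Apache/nginx "combined" log format, which records only the Referer and User-Agent headers, and the log lines are constructed samples using documentation-range addresses.

```python
import re
from collections import defaultdict

# Path reported in the thread; everything else below is an assumption of this example.
PROBE_PATH = "/phpTest/zologize/axa.php"

# Apache/nginx "combined" log format (assumed; adjust to the server's LogFormat).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines using documentation-range addresses (RFC 5737).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2014:10:01:02 +0200] "GET /phpTest/zologize/axa.php HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [14/Apr/2014:10:05:40 +0200] "GET /phpTest/zologize/axa.php HTTP/1.0" 404 209 "-" "-"
198.51.100.7 - - [14/Apr/2014:10:07:11 +0200] "GET /index.php?id=3 HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0"
203.0.113.5 - - [14/Apr/2014:11:15:00 +0200] "GET /phpTest/zologize/axa.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Apr/2014:11:20:00 +0200] "GET /phptest/zologize/axa.php?x=1 HTTP/1.0" 404 209 "-" "-"
malformed line
"""

def find_probes(log_text, path=PROBE_PATH):
    """Return {ip: {"hits": n, "bare": n, "statuses": set}} for requests to path.

    "bare" counts hits matching the thread's description: no query string and
    no Referer/User-Agent (logged as "-" or empty).
    """
    result = defaultdict(lambda: {"hits": 0, "bare": 0, "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        req_path, _, query = m["target"].partition("?")
        if req_path.lower() != path.lower():
            continue  # case-insensitive compare is a choice of this example
        entry = result[m["ip"]]
        entry["hits"] += 1
        entry["statuses"].add(int(m["status"]))
        headerless = m["referer"] in ("", "-") and m["agent"] in ("", "-")
        if headerless and not query:
            entry["bare"] += 1
    return dict(result)

if __name__ == "__main__":
    for ip, info in sorted(find_probes(SAMPLE_LOG).items()):
        print(ip, info["hits"], info["bare"], sorted(info["statuses"]))
```

A status other than 404 in the output means the path exists on the server and deserves a closer look than the probes alone.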

