Full Disclosure mailing list archives
Re: New PHP-Attack Vector ?
From: Michael Baker <michael () prattlecorp com>
Date: Tue, 15 Apr 2014 00:20:57 -0400
Seems to be a shopping cart software. A quick dork for that URI yields a lot of results that seem to be susceptable to various well-known attack vectors via a couple of quick (&harmless) manual checks. - Mike On Mon, Apr 14, 2014 at 5:29 PM, Thomas Lußnig <lussnig () suche org> wrote:
In the last few days i see more and more scan's for an new php url "/phpTest/zologize/axa.php" i never seen before on the server. I think this can be an preparation for an new attack. Is there anything known about this url and possible defects ? Information: No Header is send with the request and no Query Parameter is send. IP's that Scanned the URL: 61.230.22.153 54.200.15.115 61.19.83.194 103.13.30.157 109.184.190.223 219.144.196.190 219.90.114.133 221.215.217.106 140.116.102.61 _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- New PHP-Attack Vector ? Thomas Lußnig (Apr 14)
- <Possible follow-ups>
- Re: New PHP-Attack Vector ? Michael Baker (Apr 14)
- Re: New PHP-Attack Vector ? Martti Kühne (Apr 15)