Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Someone scanning for new PHP issues?

from [Sûnnet Beskerming] Network Security [Permanent Link]
Subject: Re: Someone scanning for new PHP issues?
Date: Mon, 17 Apr 2006 01:46:48 +0930 
Jamie,

You are right that the second trap is searching for the horde exploit. The first one you link to is for the remote code execution exploit in the Vwar gaming clan management system, with exploit code published publicly on 02 April 06. For reference, full sample exploit code is here:

http://milw0rm.com/exploits/1632

For web app exploits such as these, it is simpler to get the details out of your web server logs (presuming you are running a web server at the targeted IP, and are keeping logs) as the extracts you provide only confuse the issue for simple attack vectors like these.

On 16/04/2006, at 9:34 AM, Jamie Riden wrote:

......
0x0040: 7677 6172 2f69 6e63 6c75 6465 732f 6765 vwar/ includes/ge
......
0x0040: 7765 626d 6169 6c2f 686f 7264 652f 7365 webmail/ horde/se 


Sincerely,

Carl Jongsma
info@beskerming.com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
http://www.skiifwrald.com/sunnet
Tel: 0410 707 444 / 08 8283 1154

Jongsma & Jongsma Pty. Ltd.

Established in mid 2004, Jongsma & Jongsma Pty. Ltd. is a pure Research and Development company focussing on advanced software and hardware concepts. Since inception, Jongsma & Jongsma Pty. Ltd. has already developed software tools for advanced user and security management in web applications, complete data protection, and effective phishing defences for financial companies.

Sûnnet Beskerming Pty. Ltd.

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.




[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Someone scanning for new PHP issues?, Bojan Zdrnja
Next by Date:  New site about security conferences : www.security-briefings.com, newslist@security-briefings.com
Previous by Thread:  Re: Someone scanning for new PHP issues?, Bojan Zdrnja
Next by Thread:  New site about security conferences : www.security-briefings.com, newslist@security-briefings.com
Indexes:  [Date] [Thread] [Top] [All Lists]