Security Incidents mailing list archives

Re: Someone scanning for new PHP issues?

From: Sûnnet Beskerming <info () beskerming com>
Date: Mon, 17 Apr 2006 01:46:48 +0930

Jamie,

You are right that the second trap is searching for the hordeexploit. The first one you link to is for the remote code executionexploit in the Vwar gaming clan management system, with exploit codepublished publicly on 02 April 06. For reference, full sampleexploit code is here:


http://milw0rm.com/exploits/1632

For web app exploits such as these, it is simpler to get the detailsout of your web server logs (presuming you are running a web serverat the targeted IP, and are keeping logs) as the extracts you provideonly confuse the issue for simple attack vectors like these.


On 16/04/2006, at 9:34 AM, Jamie Riden wrote:

......
0x0040: 7677 6172 2f69 6e63 6c75 6465 732f 6765 vwar/includes/ge
......
0x0040: 7765 626d 6169 6c2f 686f 7264 652f 7365 webmail/horde/se



Sincerely,

Carl Jongsma
info () beskerming com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
http://www.skiifwrald.com/sunnet
Tel: 0410 707 444 / 08 8283 1154

Jongsma & Jongsma Pty. Ltd.

Established in mid 2004, Jongsma & Jongsma Pty. Ltd. is a pureResearch and Development company focussing on advanced software andhardware concepts. Since inception, Jongsma & Jongsma Pty. Ltd. hasalready developed software tools for advanced user and securitymanagement in web applications, complete data protection, andeffective phishing defences for financial companies.


Sûnnet Beskerming Pty. Ltd.

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sistercompany to Jongsma & Jongsma Pty. Ltd., and was formed to develop andcommercialise the research coming out of Jongsma & Jongsma Pty. Ltd..Sûnnet Beskerming Pty. Ltd. is an Information Security specialistand, in conjunction with the tools developed by Jongsma & JongsmaPty. Ltd., provides total security solutions and services, from theperimeter to internal data stores, including web application securityand security testing and analysis.

Current thread:

Someone scanning for new PHP issues? Jamie Riden (Apr 15)
- Re: Someone scanning for new PHP issues? Bojan Zdrnja (Apr 16)
- Message not available
  - Re: Someone scanning for new PHP issues? Sûnnet Beskerming (Apr 16)