Jamie,
You are right that the second trap is searching for the horde
exploit. The first one you link to is for the remote code execution
exploit in the Vwar gaming clan management system, with exploit code
published publicly on 02 April 06. For reference, full sample
exploit code is here:
http://milw0rm.com/exploits/1632
For web app exploits such as these, it is simpler to get the details
out of your web server logs (presuming you are running a web server
at the targeted IP, and are keeping logs) as the extracts you provide
only confuse the issue for simple attack vectors like these.
On 16/04/2006, at 9:34 AM, Jamie Riden wrote:
......
0x0040: 7677 6172 2f69 6e63 6c75 6465 732f 6765 vwar/
includes/ge
......
0x0040: 7765 626d 6169 6c2f 686f 7264 652f 7365 webmail/
horde/se
Sincerely,
Carl Jongsma
[EMAIL PROTECTED]
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
http://www.skiifwrald.com/sunnet
Tel: 0410 707 444 / 08 8283 1154
Jongsma & Jongsma Pty. Ltd.
Established in mid 2004, Jongsma & Jongsma Pty. Ltd. is a pure
Research and Development company focussing on advanced software and
hardware concepts. Since inception, Jongsma & Jongsma Pty. Ltd. has
already developed software tools for advanced user and security
management in web applications, complete data protection, and
effective phishing defences for financial companies.
Sûnnet Beskerming Pty. Ltd.
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd..
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist
and, in conjunction with the tools developed by Jongsma & Jongsma
Pty. Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.
