Showing 5 results for: January 2012 ×[Honeypot Alert] ×

[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected

Our web honeypots generated the following ModSecurity alert today: [Thu Jan 19 17:55:55 2012] [error] [client 218.145.160.100] ModSecurity: Warning. Pattern match ".*" at TX:950103-WEB_ATTACK/DIR_TRAVERSAL-ARGS:spo_site_lang. [file "/usr/local/apache/conf/crs/base_rules/modsecurity_slr_46_lfi_attacks.conf"] [line "6379"] [id "2074201"] [rev "011712"] [msg "SLR: Simple Page Options Module for Joomla!...

[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected

Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB lists the vulnerabilty as - phpMyAdmin libraries/auth/swekey/swekey.auth.lib.php Swekey_login() Function Superglobal Session Manipulation Arbitrary PHP Code Execution. Vulnerability Details The vulnerability lies within the following code snippet of the libraries /auth/swekey/swekey.auth.lib.php...

[Honeypot Alert] Extensive 'setup.php" Scanning Detected

The SpiderLabs Research Team has identified an extensive scanning campaign which aims to enumerate the "setup.php" pages from a vast number of blogging and CMS applications. Below are the probes that we saw on our web honeypots today: GET /3rdparty/phpMyAdmin/scripts/setup.php...

[Honeypot Alert] Multiple Local File Inclusion Attacks

Our web server honeypot log analysis has picked up some targeted local file inclusion (LFI) attacks against few specific PHP components. OpenCart v1.4.9 LFI Here is PoC exploit code: ### # Title : OpenCart 1.4.9 LFI Multiple Vulnerability # Author...