Incidents
Suspicious 404's Jul 12 2006 02:44PM
dso (dso moosoft com) (2 replies)
Re: Suspicious 404's Jul 16 2006 03:06PM
Joel Esler (eslerj gmail com) (1 replies)
Re: Suspicious 404's Jul 18 2006 09:07PM
Jose David Hidalgo Herrera (joseche gmail com)
I don't believe this is the case, if you look for the javascript:
ypSimpleScroll
you will find substring that caused this thread.

But it is a interesting idea, to exploit log reviewing tools that way.

On 7/16/06, Joel Esler <eslerj (at) gmail (dot) com [email concealed]> wrote:
> I have seen some entries in weblogs recently that are actually
> intended to be executed upon log readback.
>
> For instance. Some log entries are actually exploiting stuff like
> awstats and similar log review tools, and making those tools execute
> code, instead of the actual http service.
>
> Kinda smart actually.
>
> J
>
>
> On Jul 12, 2006, at 10:44 AM, dso wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I got some suspicious error reports overnight. In my own research it
> > looks like an attempt to exploit a very old bug. Perhaps it is
> > very new.
> >
> > For brevity I have not included the header in each one.
> >
> > A 404 error was encountered by 212.143.111.82 on Wed Jul 12 2006
> > 6:03:09
> > EDT.
> >
> > The URI which generated the error is:
> > /.JPEG
> > /.jpeg
> > /.JPG
> > /.jpg
> > /.GIF
> > /.gif
> > /%0A%7D%0AypSlideOutMenu.prototype.mov
> > /window.clearTimeout(this.aniTimer)%0Athis.mov
> > /d%0Athis.mov
> >
> > Daniel
> >
> > - --
> > MooSoft Development Inc
> > http://www.moosoft.com
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.1 (Cygwin)
> >
> > iD8DBQFEtQrLOIPyvowS3NoRAu/fAKCI5qtqHV+F8E/VPtqhxMiYo6TRtQCdGNWi
> > cFU7DvMb0wfzeVRuPcn5fwY=
> > =7Y13
> > -----END PGP SIGNATURE-----
> >
> > ----------------------------------------------------------------------
> > --------
> > This List Sponsored by: Black Hat
> >
> > Attend the Black Hat Briefings & Training USA, July 29-August 3 in
> > Las Vegas.
> > World renowned security experts reveal tomorrow's threats today.
> > Free of
> > vendor pitches, the Briefings are designed to be pragmatic
> > regardless of your
> > security environment. Featuring 36 hands-on training courses and 10
> > conference
> > tracks, networking opportunities with over 2,500 delegates from 40+
> > nations.
> >
> > http://www.blackhat.com
> > ----------------------------------------------------------------------
> > --------
> >
>
> Joel Esler
>
>
>
>
> ------------------------------------------------------------------------
------
> This List Sponsored by: Black Hat
>
> Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
> World renowned security experts reveal tomorrow's threats today. Free of
> vendor pitches, the Briefings are designed to be pragmatic regardless of your
> security environment. Featuring 36 hands-on training courses and 10 conference
> tracks, networking opportunities with over 2,500 delegates from 40+ nations.
>
> http://www.blackhat.com
> ------------------------------------------------------------------------
------
>
>

--
Más sabe el loco en su casa que el cuerdo en la ajena.

[ reply ]
Re: Suspicious 404's Jul 12 2006 08:34PM
Peter Kosinar (goober ksp sk)


 

Privacy Statement
Copyright 2010, SecurityFocus