Published: 2006-04-25,
:2006-04 - 25を発表しました、
Last Updated: 2006-04-25 13:15:00 UTC by Pedro Bueno (Version: 1)
最新アップデート:2006-04-25 ペドロ・ブエノによっての13:15:00の UTC (バージョン:1)
:2006-04 - 25を発表しました、
Last Updated: 2006-04-25 13:15:00 UTC by Pedro Bueno (Version: 1)
最新アップデート:2006-04-25 ペドロ・ブエノによっての13:15:00の UTC (バージョン:1)
Today we got an interesting email...it was reporting a strange http request:
今日我々は面白い電子メールを受けとりました...それは奇妙な http のリクエストを報告していました:
--------------------------------------------------------------------------------
POST /thumbs/index.php HTTP/1.1
Host: example.com
Connection: keep-alive
Content-Length: 0
Cookie: cat /etc/passwd
Referer: http://example.com/thumbs/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Pragma: no-cache
Cache-Control: no-cache
accept_language: cat /etc/passwd
accept_ip: cat /etc/passwd
ip: cat /etc/passwd
accept_whynot: cat /etc/passwd
accept_phpinfo: cat /etc/passwd
accept_redlight: cat /etc/passwd
accept_ASE: cat /etc/passwd
accept_X: cat /etc/passwd
USER_X87NEK: cat /etc/passwd
ACCEPT_HHT: cat /etc/passwd
Accept_MUZZ: cat /etc/passwd
Accept_MusicIsTheKey: cat /etc/passwd
Accept_encoding: cat /etc/passwd
Accept_MS: cat /etc/passwd
ACCEPT_SHREK: cat /etc/passwd
ACCEPT_s1yntr1o: cat /etc/passwd
ACCEPT_shockfx: cat /etc/passwd
ACCEPT_COOLHK: cat /etc/passwd
ACCEPT_l0ve: cat /etc/passwd
Morgoth: cat /etc/passwd
ACCEPT_ShAd0w: cat /etc/passwd
ACCEPT_bk4712: cat /etc/passwd
Accept_BBBS: cat /etc/passwd
ACCEPT_Resys: cat /etc/passwd
ACCEPT_XPW: cat /etc/passwd
BC: cat /etc/passwd
ZION: cat /etc/passwd
cmd: cat /etc/passwd
ACCEPT_netsploiter: cat /etc/passwd
ACCEPT_jayman: cat /etc/passwd
ACCEPT_Joschi: cat /etc/passwd
ACCEPT_MechW: cat /etc/passwd
ACCEPT_slickrick: cat /etc/passwd
ACCEPT_Banana: cat /etc/passwd
ACCEPT_H33p3r: cat /etc/passwd
ACCEPT_KaIzeR: cat /etc/passwd
ACCEPT_Joschi: cat /etc/passwd
Content-type: application/x-www-form-urlencoded
While this is a 'strange' http request, we believe that nothing on the 'cat /etc/passwd' part would be done on the webserver side...
これが「奇妙な」 http のリクエストである間に、我々は「猫 /etc/passwd」部分に関する何も Web サーバ側でされないであろうと信じます・・・。
So, our request is to know if have you ever seen this before...
それで、我々のリクエストはこれほど前に見られて今までにあなたを知る、もし持つことです・・・。
---------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)
今日我々は面白い電子メールを受けとりました...それは奇妙な http のリクエストを報告していました:
--------------------------------------------------------------------------------
POST /thumbs/index.php HTTP/1.1
Host: example.com
Connection: keep-alive
Content-Length: 0
Cookie: cat /etc/passwd
Referer: http://example.com/thumbs/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Pragma: no-cache
Cache-Control: no-cache
accept_language: cat /etc/passwd
accept_ip: cat /etc/passwd
ip: cat /etc/passwd
accept_whynot: cat /etc/passwd
accept_phpinfo: cat /etc/passwd
accept_redlight: cat /etc/passwd
accept_ASE: cat /etc/passwd
accept_X: cat /etc/passwd
USER_X87NEK: cat /etc/passwd
ACCEPT_HHT: cat /etc/passwd
Accept_MUZZ: cat /etc/passwd
Accept_MusicIsTheKey: cat /etc/passwd
Accept_encoding: cat /etc/passwd
Accept_MS: cat /etc/passwd
ACCEPT_SHREK: cat /etc/passwd
ACCEPT_s1yntr1o: cat /etc/passwd
ACCEPT_shockfx: cat /etc/passwd
ACCEPT_COOLHK: cat /etc/passwd
ACCEPT_l0ve: cat /etc/passwd
Morgoth: cat /etc/passwd
ACCEPT_ShAd0w: cat /etc/passwd
ACCEPT_bk4712: cat /etc/passwd
Accept_BBBS: cat /etc/passwd
ACCEPT_Resys: cat /etc/passwd
ACCEPT_XPW: cat /etc/passwd
BC: cat /etc/passwd
ZION: cat /etc/passwd
cmd: cat /etc/passwd
ACCEPT_netsploiter: cat /etc/passwd
ACCEPT_jayman: cat /etc/passwd
ACCEPT_Joschi: cat /etc/passwd
ACCEPT_MechW: cat /etc/passwd
ACCEPT_slickrick: cat /etc/passwd
ACCEPT_Banana: cat /etc/passwd
ACCEPT_H33p3r: cat /etc/passwd
ACCEPT_KaIzeR: cat /etc/passwd
ACCEPT_Joschi: cat /etc/passwd
Content-type: application/x-www-form-urlencoded
While this is a 'strange' http request, we believe that nothing on the 'cat /etc/passwd' part would be done on the webserver side...
これが「奇妙な」 http のリクエストである間に、我々は「猫 /etc/passwd」部分に関する何も Web サーバ側でされないであろうと信じます・・・。
So, our request is to know if have you ever seen this before...
それで、我々のリクエストはこれほど前に見られて今までにあなたを知る、もし持つことです・・・。
---------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)