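Monday, May 7, 2018

Learning System Vulnerabilities from Web Logs 11

Besides the usual pile of requests attacking phpMyAdmin and from the Baidu crawler, some new things have now shown up.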


80.82.70.187 - - [06/May/2018:12:31:11 +0800] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" 404 221
107.170.239.199 - - [06/May/2018:13:03:00 +0800] "GET / HTTP/1.1" 200 1692
204.16.194.19 - - [06/May/2018:14:07:47 +0800] "GET / HTTP/1.0" 200 1692
204.16.194.19 - - [06/May/2018:14:10:30 +0800] "POST /sdk HTTP/1.1" 404 201
204.16.194.19 - - [06/May/2018:14:10:30 +0800] "GET / HTTP/1.0" 200 1692

204.16.194.19 - - [06/May/2018:14:10:30 +0800] "GET / HTTP/1.1" 200 1692
204.16.194.19 - - [06/May/2018:14:10:31 +0800] "GET /nmaplowercheck1525587048 HTTP/1.1" 404 222
Not sure what this is. Probing with Nmap?

204.16.194.19 - - [06/May/2018:14:10:31 +0800] "GET /HNAP1 HTTP/1.1" 404 203
189.130.207.6 - - [06/May/2018:16:13:29 +0800] "GET / HTTP/1.1" 200 1692
189.130.207.6 - - [06/May/2018:16:13:29 +0800] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 404 211
189.130.207.6 - - [06/May/2018:16:13:35 +0800] "GET / HTTP/1.1" 200 1692
189.130.207.6 - - [06/May/2018:16:13:55 +0800] "POST /GponForm/diag_Form?images/ HTTP/1.1" 404 216
A GPON fiber router vulnerability?

189.130.207.6 - - [06/May/2018:16:14:00 +0800] "GET /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system%3Aservice%3DMainDeployer HTTP/1.1" 404 221
A JBoss remote deployment tool vulnerability?

31.184.193.154 - - [06/May/2018:17:58:41 +0800] "GET / HTTP/1.0" 200 1692
139.162.108.53 - - [06/May/2018:18:00:09 +0800] "GET / HTTP/1.1" 200 1692
42.51.196.42 - - [06/May/2018:18:53:01 +0800] "GET / HTTP/1.1" 200 1692
110.167.91.126 - - [06/May/2018:18:53:02 +0800] "GET /favicon.ico HTTP/1.1" 200 5174
221.11.228.125 - - [06/May/2018:18:53:03 +0800] "GET /os61879085.aspx?name=ogFoot HTTP/1.1" 404 213
After Googling, I only found a Russian website that sells tires 😅

1.28.91.222 - - [06/May/2018:18:53:03 +0800] "GET /favicon.ico HTTP/1.1" 200 5174
221.13.12.72 - - [06/May/2018:18:53:03 +0800] "GET /os34477223.aspx?name=ogFoot HTTP/1.1" 404 213
The same thing as above?

180.95.216.33 - - [06/May/2018:18:53:03 +0800] "GET /ogBack.aspx HTTP/1.1" 404 209
221.13.12.96 - - [06/May/2018:18:53:04 +0800] "GET /ogBack.aspx HTTP/1.1" 404 209
I couldn't find anything related to ogBack.

180.167.34.187 - - [06/May/2018:18:53:11 +0800] "GET /?f=search&m=index&keyword=aaa%2527%256F%2572%2520%2575%2570%2564%2561%2574%2565%2578%256D%256C%2528%2531%252C%2563%256F%256E%2563%2561%2574%2528%2531%252C%256D%2564%2535%2528%2531%2529%2529%252C%2531%2529%2523 HTTP/1.1" 200 1692
180.167.34.187 - - [06/May/2018:18:56:14 +0800] "GET /?f=search&m=index&keyword=aaa%2527%256F%2572%2520%2575%2570%2564%2561%2574%2565%2578%256D%256C%2528%2531%252C%2563%256F%256E%2563%2561%2574%2528%2531%252C%256D%2564%2535%2528%2531%2529%2529%252C%2531%2529%2523 HTTP/1.1" 200 1692
After decoding, this becomes /?f=search&m=index&keyword=aaa'or updatexml(1,concat(1,md5(1)),1)#

80.82.70.187 - - [06/May/2018:21:36:24 +0800] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" 404 221
193.112.154.67 - - [06/May/2018:22:33:57 +0800] "GET /mysql/index.php HTTP/1.1" 404 213
193.112.154.67 - - [06/May/2018:22:33:58 +0800] "GET /admin/index.php HTTP/1.1" 404 213
112.66.97.44 - - [06/May/2018:22:33:58 +0800] "GET /os61879085.aspx?name=ogFoot HTTP/1.1" 404 213
106.45.0.186 - - [06/May/2018:22:33:58 +0800] "GET /favicon.ico HTTP/1.1" 200 5174
116.252.2.183 - - [06/May/2018:22:34:01 +0800] "GET /os34477223.aspx?name=ogFoot HTTP/1.1" 404 213
221.13.12.64 - - [06/May/2018:22:34:01 +0800] "GET /ogBack.aspx HTTP/1.1" 404 209
180.95.217.91 - - [06/May/2018:22:34:02 +0800] "GET /ogBack.aspx HTTP/1.1" 404 209
139.170.68.81 - - [06/May/2018:22:34:08 +0800] "GET /view/img/favicon.ico HTTP/1.1" 404 218
58.19.58.144 - - [06/May/2018:22:34:09 +0800] "GET /home/favicon.ico HTTP/1.1" 404 214
116.252.0.207 - - [06/May/2018:22:34:19 +0800] "GET /2/favicon.ico HTTP/1.1" 404 211
1.30.24.20 - - [06/May/2018:22:34:20 +0800] "GET /3/favicon.ico HTTP/1.1" 404 211
123.14.127.6 - - [06/May/2018:22:34:21 +0800] "GET / HTTP/1.1" 200 1692
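
The double percent-encoding in the 180.167.34.187 requests above (%2527 is an encoded %27, which is an encoded quote) can be unwrapped automatically when reviewing logs. The Python below is an added example, not part of the original post: it parses access-log lines, decodes the request target until it stops changing, and flags SQL-injection markers; the function names and the marker regex are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (.*) (HTTP/[\d.]+)" (\d{3}) (\S+)$')

# Heuristic markers chosen for this example; not a complete rule set.
SQLI = re.compile(r"'\s*(or|and)\b|\b(updatexml|extractvalue)\s*\(|\bunion\s+select\b", re.I)

# Two lines copied from the log above: the encoded probe and a plain request.
SAMPLE_LINES = [
    '180.167.34.187 - - [06/May/2018:18:53:11 +0800] "GET /?f=search&m=index&keyword=aaa%2527%256F%2572%2520%2575%2570%2564%2561%2574%2565%2578%256D%256C%2528%2531%252C%2563%256F%256E%2563%2561%2574%2528%2531%252C%256D%2564%2535%2528%2531%2529%2529%252C%2531%2529%2523 HTTP/1.1" 200 1692',
    '107.170.239.199 - - [06/May/2018:13:03:00 +0800] "GET / HTTP/1.1" 200 1692',
]

def full_decode(text, max_rounds=5):
    """Percent-decode repeatedly until the text is stable; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(text)
        if decoded == text:
            break
        text, rounds = decoded, rounds + 1
    return text, rounds

def inspect(line):
    """Parse one log line; return a finding dict, or None if it is not CLF."""
    m = CLF.match(line)
    if not m:
        return None
    host, _ts, method, target, _proto, status, size = m.groups()
    decoded, rounds = full_decode(target)
    return {
        "host": host, "method": method, "status": int(status), "size": size,
        "decoded": decoded, "rounds": rounds,
        "multi_encoded": rounds > 1,   # more than one layer is rarely legitimate
        "sqli": bool(SQLI.search(decoded)),
    }

if __name__ == "__main__":
    for entry in SAMPLE_LINES:
        r = inspect(entry)
        print(r["host"], r["status"], r["size"], r["rounds"], r["sqli"], r["decoded"])
```

Both sample lines returned 200 with 1692 bytes, the same response as a plain `GET /`, so the status code alone says nothing about whether the parameter was ever processed.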
