Sunday, September 20, 2020

Learning System Vulnerabilities from Web Logs 66

These records showed up in the web log:

185.234.217.231 - - [19/Sep/2020:18:40:37 +0800] "PUT /myjsp.jsp/ HTTP/1.1" 500 534 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
185.234.217.231 - - [19/Sep/2020:18:40:38 +0800] "PUT /myjsp.jsp/ HTTP/1.1" 500 534 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
185.234.217.231 - - [19/Sep/2020:18:40:38 +0800] "GET /myjsp.jsp HTTP/1.1" 404 207 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
185.234.217.231 - - [19/Sep/2020:18:40:39 +0800] "PUT /myjsp.jsp/ HTTP/1.1" 500 534 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
185.234.217.231 - - [19/Sep/2020:18:40:39 +0800] "GET /myjsp.jsp HTTP/1.1" 404 207 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
185.234.217.231 - - [19/Sep/2020:18:40:40 +0800] "PUT /myjsp.jsp/ HTTP/1.1" 500 534 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
185.234.217.231 - - [19/Sep/2020:18:40:40 +0800] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"

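JSP is something Tomcat uses, but I have not studied Tomcat. This myjsp.jsp just looks like a program a beginner would write for everyday practice, so I don't know why it came here to test. The final /etc/passwd request is plainly an attempt to steal data. Apart from that, it feels like there is no harm here.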
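Added example, not part of the original post: a small detector for the PUT-then-GET pairing visible in the log above, generalized to any path rather than only .jsp. It reports whether the status codes show the write was rejected (as with the 500/404 pairs here) or accepted. The function name, the sample lines (constructed, using documentation IP ranges) and the choice of 200/201/204 as "PUT accepted" are assumptions of this example.

```python
import re

# Combined Log Format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines modelled on the log above (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Sep/2020:18:40:37 +0800] "PUT /myjsp.jsp/ HTTP/1.1" 500 534 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Sep/2020:18:40:38 +0800] "GET /myjsp.jsp HTTP/1.1" 404 207 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Sep/2020:18:40:40 +0800] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Sep/2020:19:02:11 +0800] "PUT /t.jsp/ HTTP/1.1" 201 0 "-" "curl/7.68.0"
198.51.100.9 - - [19/Sep/2020:19:02:12 +0800] "GET /t.jsp HTTP/1.1" 200 31 "-" "curl/7.68.0"
198.51.100.7 - - [19/Sep/2020:19:05:00 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

PUT_ACCEPTED = {200, 201, 204}  # assumption: statuses meaning the server stored the body


def find_upload_probes(log_text):
    """Return one finding per client/path where a PUT was followed by a GET."""
    pending = {}   # (ip, path without trailing slash) -> status of the last PUT
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        status = int(m["status"])
        # "/myjsp.jsp/" and "/myjsp.jsp" are the same target for pairing purposes.
        key = (m["ip"], m["path"].rstrip("/") or "/")
        if m["method"] == "PUT":
            pending[key] = status
        elif m["method"] == "GET" and key in pending:
            put_status = pending.pop(key)
            written = put_status in PUT_ACCEPTED and status == 200
            findings.append({
                "ip": key[0], "path": key[1], "put": put_status, "get": status,
                "verdict": "FILE WRITTEN" if written else "blocked",
            })
    return findings


if __name__ == "__main__":
    for f in find_upload_probes(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']} PUT={f['put']} GET={f['get']} -> {f['verdict']}")
```

A "blocked" verdict matches what this log shows; a "FILE WRITTEN" verdict means the uploaded path was served back and the host needs incident response.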
