phpMyChat scan
I just found the following nice scan in one of my web servers:
"GET //chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /chat//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /phpchat//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /PhpMyChat//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /chatroom//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /chats//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /forum//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /php/phpmychat//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /phpMyChat-0.14.2//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /phpMyChat-0.14.5//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"GET /phpMyChat//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
I guess it is safe to assume that the origin is not a 'Windows 98' machine as the client string suggests. The IP resolves to a server which identifies itself as 'Apache/1.3.31 (Unix)'.
Well, next time they come back I will have a dummy PHP script at these URLs to take a look at what they are trying to achieve. The program they are trying to exploit, phpMyChat, can be found here: http://www.phpheaven.net/phpmychat:home . The versions referenced above (14.2 and 14.5) came out in 2000 and 2001, so almost 5 years old now. The project looks a bit abandoned.
If someone has details, let us know!
Update: Our reader Toni pointed out that phpmychat has multiple file inclusion issues if "register_globals" is not disabled. He also found this vulnerability: http://www.securityfocus.com/bid/17382/info
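A detection sketch for the pattern in the log above, added here as an example and not part of the original diary: it groups combined-format access-log entries by client and requested script name, and flags a client that asks for the same script under many directory prefixes. The client addresses, timestamps, the `find_prefix_sweeps` name and the threshold of 5 are assumptions; the request paths, status code and user agent mirror the quoted entries.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format. The client addresses
# (documentation ranges) and timestamps are made up; the request paths,
# status, size and user agent mirror the entries quoted in the diary.
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
PREFIXES = ["", "/chat", "/phpchat", "/PhpMyChat", "/chatroom", "/chats", "/forum",
            "/php/phpmychat", "/phpMyChat-0.14.2", "/phpMyChat-0.14.5", "/phpMyChat"]
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2006:00:00:{i:02d} +0000] '
    f'"GET {p}//chat/messagesL.php3 HTTP/1.1" 401 127 "-" "{UA}"'
    for i, p in enumerate(PREFIXES)
] + [  # unrelated visitor that must not be flagged
    '198.51.100.7 - - [01/Jan/2006:00:01:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "ExampleBrowser/1.0"',
    '198.51.100.7 - - [01/Jan/2006:00:01:05 +0000] "GET /chat/index.html HTTP/1.1" 404 208 "-" "ExampleBrowser/1.0"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')

def find_prefix_sweeps(lines, min_prefixes=5):
    """Flag clients that request one script name under many directory prefixes.

    Returns {(client_ip, script): {"prefixes": [...], "statuses": [...]}}.
    """
    seen = defaultdict(lambda: {"prefixes": set(), "statuses": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format entry
        # Drop the query string and collapse repeated slashes, so that
        # "/chat//chat/x.php3" and "/chat/chat/x.php3" compare equal.
        parts = [p for p in m["path"].split("?", 1)[0].split("/") if p]
        if not parts:
            continue  # request for "/" has no script name
        entry = seen[(m["ip"], parts[-1])]
        entry["prefixes"].add("/" + "/".join(parts[:-1]))
        entry["statuses"].add(int(m["status"]))
    return {
        key: {"prefixes": sorted(e["prefixes"]), "statuses": sorted(e["statuses"])}
        for key, e in seen.items() if len(e["prefixes"]) >= min_prefixes
    }

if __name__ == "__main__":
    for (ip, script), hit in find_prefix_sweeps(SAMPLE_LOG).items():
        print(f"{ip} probed {script} under {len(hit['prefixes'])} paths, statuses {hit['statuses']}")
```

Keying on the script name rather than the full path is what makes the sweep stand out: each individual request looks like an ordinary 401, and only the grouping shows one client walking a list of likely install directories.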