Re: decode http hack attempt?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



See:
http://code.taobao.org/p/tpbase/diff/2/trunk/ThinkPHP/Library/Think/App.class.php

if(!$module) {

+            if('4e5e5d7364f443e28fbf0d3ae744a59a' == CONTROLLER_NAME) {

+                header("Content-type:image/png");

+                exit(base64_decode(App::logo()));

+            }


I think it's way to detect if system is running vulnerable version of
ThinkPHP?


--

Eero

2015-09-24 16:53 GMT+03:00 Tony Mountifield <tony@xxxxxxxxxxxxx>:

> In article <
> e4bd3a73fc95477064436043eb8a37ed.squirrel@xxxxxxxxxxxxxxxxxxxxx>,
> James B. Byrne <byrnejb@xxxxxxxxxxxxx> wrote:
> > Can anyone de-cypher the second entry for me?
> >
> > --------------------- httpd Begin ------------------------
> >
> >
> >  Requests with error response codes
> >     403 Forbidden
> >        /: 9 Time(s)
> >        /?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s)
> >
> > I have found the string via Google but have not located any explanation.
>
> It appears to be something to do with a PHP framework called ThinkPHP.
> One of the hits when searching for it is for ThinkPHP on Google Code.
>
> Perhaps there is a vulnerability in ThinkPHP, and this access is from
> a machine scanning for vulnerable sites? Just a guess.
>
> I don't think it has a meaning - it's just a 128-bit number expressed in
> hex.
>
> Cheers
> Tony
>
> --
> Tony Mountifield
> Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
> Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux