sean finney on 27 Apr 2009 22:39:21 -0700
okay, i was curious about this one:

On Mon, Apr 27, 2009 at 06:54:23PM -0400, Michael Lazin wrote:
> trator/index2.php HTTP/1.1" 200 142884 www.xxx.com "http://www.xxx.com/a
> dministrator/index2.php?option=com_content&sectionid=0&mosmsg=1%20\xe6\x9d\xa1\x
> e7\x9b\xae\xe6\x88\x90\xe5\x8a\x9f\xe5\xa4\x8d\xe5\x88\xb6\xe5\x88\xb0\xe5\x8d\x
> 95\xe5\x85\x83:%20\xe6\x89\x80\xe6\x9c\x89\xe6\x96\x87\xe7\xab\xa0,%20\xe5\x88\x
> 86\xe7\xb1\xbb:%20\xe5\x8a\xa0\xe6\x8b\xbf\xe5\xa4\xa7\xe7\x94\x9f\xe6\xb4\xbb"
> "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Alexa Toolbar)" "-"

while initially kinda scary, this doesn't look like shell code/exploit. try this:

printf '1 \xe6\x9d\xa1\xe7\x9b\xae\xe6\x88\x90\xe5\x8a\x9f\xe5\xa4\x8d\xe5\x88\xb6\xe5\x88\xb0\xe5\x8d\x95\xe5\x85\x83: \xe6\x89\x80\xe6\x9c\x89\xe6\x96\x87\xe7\xab\xa0, \xe5\x88\x86\xe7\xb1\xbb: \xe5\x8a\xa0\xe6\x8b\xbf\xe5\xa4\xa7\xe7\x94\x9f\xe6\xb4\xbb' > foo.txt

(%20 == space which i manually replaced)

cat foo.txt:

1 条目成功复制到单元: 所有文章, 分类: 加拿大生活

(for those without proper utf8 support, that's a blob of chinese text).

asking google to translate:

1 entry successfully copied to the unit: All articles, Category: Canada Life

sean

--
Attachment: signature.asc
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
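The manual decode in the message above, generalized as an added Python example (not part of the original post): it undoes the \xhh escaping Apache applies to logged header values, then the URL percent-encoding, and checks whether the resulting bytes are strictly valid UTF-8 text. The function names and the second sample are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote_to_bytes

# Value of mosmsg= copied from the log line quoted in the post (raw strings,
# so the backslashes stay literal, exactly as they appear in the log).
SAMPLE_MOSMSG = (r'1%20\xe6\x9d\xa1\xe7\x9b\xae\xe6\x88\x90\xe5\x8a\x9f\xe5\xa4\x8d'
                 r'\xe5\x88\xb6\xe5\x88\xb0\xe5\x8d\x95\xe5\x85\x83:%20\xe6\x89\x80'
                 r'\xe6\x9c\x89\xe6\x96\x87\xe7\xab\xa0,%20\xe5\x88\x86\xe7\xb1\xbb'
                 r':%20\xe5\x8a\xa0\xe6\x8b\xbf\xe5\xa4\xa7\xe7\x94\x9f\xe6\xb4\xbb')
# Constructed sample (not from the post): bytes that are not valid UTF-8.
SAMPLE_BINARY = r'\xff\xfe\x00\x01'

# Apache writes non-printable bytes as \xhh, quote and backslash with a
# leading backslash, and whitespace in C notation (\n, \t, ...).
ESCAPE = re.compile(rb'\\(x[0-9a-fA-F]{2}|.)', re.DOTALL)
SIMPLE = {b'n': b'\n', b'r': b'\r', b't': b'\t', b'\\': b'\\', b'"': b'"'}

def unescape(match):
    token = match.group(1)
    if len(token) == 3:                      # x + two hex digits
        return bytes([int(token[1:], 16)])
    return SIMPLE.get(token, match.group(0)) # unknown escape: leave untouched

def decode_log_field(field):
    """Return the raw bytes behind a logged field: log escapes, then %hh."""
    raw = ESCAPE.sub(unescape, field.encode('utf-8'))
    return unquote_to_bytes(raw)

def triage(field):
    """Classify a logged field as ('text', decoded_str) or ('binary', hex).

    'text' only means the bytes are well-formed UTF-8 without control
    characters, i.e. something a human can read and translate; the analyst
    still has to read it. 'binary' is what deserves a closer look as
    possible encoded payload.
    """
    data = decode_log_field(field)
    try:
        text = data.decode('utf-8')          # strict: invalid sequences raise
    except UnicodeDecodeError:
        return ('binary', data.hex())
    if any(unicodedata.category(c) == 'Cc' and c not in '\t\n\r' for c in text):
        return ('binary', data.hex())
    return ('text', text)

if __name__ == '__main__':
    for sample in (SAMPLE_MOSMSG, SAMPLE_BINARY):
        print(triage(sample))
```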