PEAK XOOPS - Injecting Null-byte... - What does it mean? in englishin japanese

Top  >  XOOPS Modules  >  Protector (Previous topic|Next topic)

Injecting Null-byte... - What does it mean?

  • You cannot open a new topic into this forum
  • Guests cannot post into this forum
Tree order Newer is upper

none Injecting Null-byte... - What does it mean?

msg# 1
Previous post - Next post | Parent - Children.1 | Posted on 2006/11/20 3:01
tedsmith  ¸àĹ   Posts: 64
Hi

Could anyone tell me what these Protector logs mean? 


2006/11/8 2:20:51  	Guests  	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
	2006/11/8 2:20:30 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte 'php://input ' found.
	2006/11/8 2:19:59 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte 'php://input ' found.
	2006/11/6 18:29:38 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
	2006/11/6 18:29:16 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte 'php://input ' found.
	2006/11/6 18:29:11 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
	2006/11/6 18:28:54 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte 'php://input ' found.
	2006/11/6 14:50:08 	Guests 	195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 	NullByte 	Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.

The only reference I haqve found to it is in this news article :

http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=111

but I do not understand.

Does this look like a manual hacking attempt by a deliberate individual?

Thanks

Ted
Votes:0 Average:0.00

none Re: Injecting Null-byte... - What does it mean?

msg# 1.1
Previous post - Next post | Parent - Children.1 | Posted on 2006/11/21 5:29
GIJOE  ÀèǤ·³Áâ   Posts: 4110
It looks real attacking log
Using "php://input" means a definite malice.
Anyway the log means protector prevent from the attack.

Of course, I don't know another attacks were tried or not.
Votes:0 Average:0.00

none Re: Injecting Null-byte... - What does it mean?

msg# 1.1.1
Previous post - Next post | Parent - No child | Posted on 2006/11/23 3:46
tedsmith  ¸àĹ   Posts: 64
Thanks GIJOE.

I have looked up some info about the 'technique' of null byte injections which can be read about here :

http://ha.ckers.org/blog/20060914/php-vulnerable-to-null-byte-injection/

Thanks GIJOE for your super module!

Ted
Votes:0 Average:0.00
Tree order Newer is upper

  Advanced search

Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!