Skip to content

Instantly share code, notes, and snippets.

@renancouto
Last active February 1, 2023 09:36
Show Gist options
  • Save renancouto/0ad35842f1c536c1dbbe to your computer and use it in GitHub Desktop.
Save renancouto/0ad35842f1c536c1dbbe to your computer and use it in GitHub Desktop.
A collection of weird URLs that I think are used to exploit security vulnerabilities on web apps
  • /manager/html (Apache Tomcat)
  • http://123.249.24.233/POST_ip_port.php
  • /tmUnblock.cgi
  • /HNAP1/
  • /phpMyAdmin/scripts/setup.php (PHPMyAdmin)
  • /pma/scripts/setup.php
  • /myadmin/scripts/setup.php
  • /MyAdmin/scripts/setup.php
  • /vyvy/vyv/vy.php
  • /cgi-sys/php5
  • /cgi-bin/test-cgi
  • /cgi-bin/printenv
  • /cgi-bin/test.cgi
  • /cgi-bin/test.pl
  • /cgi-bin/test.sh
  • /cgi-bin/teste.pl
  • /cgi-bin/teste.cgi
  • /cgi-bin/teste.sh
  • /cgi-bin/print-env
  • /cgi-bin/print.pl
  • /cgi-bin/print.cgi
  • /cgi-bin/printenv.sh
  • /dpdp/dpd/dp.php
  • /upup/upu/up.php
  • /admin/fckeditor/editor/filemanager/browser/default/connectors/test.html
  • /web-console/ServerInfo.jsp
  • /vtigercrm/
  • /operator/basic.shtml (AXIS 206 Network Camera)
  • /secure/ltx_conf.htm (M30X / M306 Wireless Ethernet Monitor)
  • /syslog.htm (Linux?)
@anhducbkhn
Copy link

http://123.249.24.233/POST_ip_port.php what is it? and why it appear in my apache access.log

@rained23
Copy link

@g33klord
Copy link

in mine too:

script '/var/www/html/POST_ip_port.php' not found or unable to stat, referer: http://123.249.24.233/POST_ip_port.phpAccept: /

@renancouto
Copy link
Author

Hi guys, I really don't know about this http://123.249.24.233/POST_ip_port.php url, but judging from its file name, it should not be a secure thing, also it doesn't have nothing to do with my application.

@neoadventist
Copy link

So what do we do about this? I'm getting the same thing.

@guru-beach
Copy link

Depending on your web server, you can just shunt the traffic. For apache HTTPD I used mod_rewrite and added the following:

   RewriteEngine On
   RewriteCond %{REQUEST_URI} "POST.*"
   RewriteRule ^(.*)$ - [F,L]

For our particular site this is acceptable because none of the URLs we process have the word POST in them.

And the results are the 403 Forbidden you'd expect:

222.186.129.5 - - [29/May/2015:05:47:54 +0000] "POST http://123.249.24.233/POST_ip_port.php HTTP/1.1" 403 303

@theLufenk
Copy link

Bloddy Chinese Spammers!!1
I made my server live for the first time, and within 5 minutes these requests started flowing in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment