/manager/html(Apache Tomcat)http://123.249.24.233/POST_ip_port.php/tmUnblock.cgi/HNAP1//phpMyAdmin/scripts/setup.php(PHPMyAdmin)/pma/scripts/setup.php/myadmin/scripts/setup.php/MyAdmin/scripts/setup.php/vyvy/vyv/vy.php/cgi-sys/php5/cgi-bin/test-cgi/cgi-bin/printenv/cgi-bin/test.cgi/cgi-bin/test.pl/cgi-bin/test.sh/cgi-bin/teste.pl/cgi-bin/teste.cgi/cgi-bin/teste.sh/cgi-bin/print-env/cgi-bin/print.pl/cgi-bin/print.cgi/cgi-bin/printenv.sh/dpdp/dpd/dp.php/upup/upu/up.php/admin/fckeditor/editor/filemanager/browser/default/connectors/test.html/web-console/ServerInfo.jsp/vtigercrm//operator/basic.shtml(AXIS 206 Network Camera)/secure/ltx_conf.htm(M30X / M306 Wireless Ethernet Monitor)/syslog.htm(Linux?)
Last active
February 1, 2023 09:36
-
-
Save renancouto/0ad35842f1c536c1dbbe to your computer and use it in GitHub Desktop.
A collection of weird URLs that I think are used to exploit security vulnerabilities on web apps
So what do we do about this? I'm getting the same thing.
Depending on your web server, you can just shunt the traffic. For apache HTTPD I used mod_rewrite and added the following:
RewriteEngine On
RewriteCond %{REQUEST_URI} "POST.*"
RewriteRule ^(.*)$ - [F,L]
For our particular site this is acceptable because none of the URLs we process have the word POST in them.
And the results are the 403 Forbidden you'd expect:
222.186.129.5 - - [29/May/2015:05:47:54 +0000] "POST http://123.249.24.233/POST_ip_port.php HTTP/1.1" 403 303
Bloddy Chinese Spammers!!1
I made my server live for the first time, and within 5 minutes these requests started flowing in.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi guys, I really don't know about this
http://123.249.24.233/POST_ip_port.phpurl, but judging from its file name, it should not be a secure thing, also it doesn't have nothing to do with my application.