Posted by Good Man on 10/10/07 19:38
phpCodeHead <phpcodehead@gmail.com> wrote in
news:1192043448.321346.169560@y42g2000hsy.googlegroups.com:
> In my code, 'to' parameter should be of a value ?to=sales or
> ?to=engineering generated through a hypertext link. Although, manually
> entered parameter values such as ?to=getAllCustCreditCardNums or
> ?to=anyOtherJibberish have been coded to accomplish absolutely nothing,
> I have been intrigued by an error report received through customized
> error reporting code in the app. It reports an error event in which a
> URL was manually entered in as a value of 'to'. The error report
> returns global array values at time of error. .... and it is all
> because I "failed" to initialize a variable... :)
>
> My question(s) is ...
> What is being attempted here?
> Is this a new exploit attempt?

It looks like a Red Hat machine was compromised by a script (kiddie), and
that machine is trying to find further exploits on other machines (like
yours!)

It's not particularly new; it seems lots of people are getting it:

http://www.google.ca/search?q=hut2.ru+cs.txt
http://security.pigstye.net/staticpages/index.php/index

As long as your script is correctly coded to ignore anything other than
what you're expecting it to get (as you have done), there's nothing to
worry about.
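
An added example, not code from the thread or from the original poster's application, of the handling the reply describes: accept only the two 'to' values the links generate, initialize the result before use, and log anything else in a safe form. The recipient addresses, function names and sample requests are assumptions made for illustration.

```php
<?php
// Allowlist: the only 'to' values the application's own links generate.
const RECIPIENTS = [
    'sales'       => 'sales@example.com',        // hypothetical address
    'engineering' => 'engineering@example.com',  // hypothetical address
];

// Resolve the 'to' query parameter; null means "not an exact allowlist key".
function resolve_recipient(array $query): ?string
{
    // Initialize before use so no code path reads an unset variable.
    $recipient = null;
    $to = $query['to'] ?? '';
    // ?to[]=x arrives as an array, so require a string before the lookup.
    if (is_string($to) && array_key_exists($to, RECIPIENTS)) {
        $recipient = RECIPIENTS[$to];
    }
    return $recipient;
}

// Describe a rejected value as one printable log line, flagging URL-shaped input.
function describe_rejection($to): string
{
    if (!is_string($to)) {
        return 'rejected to: non-string value';
    }
    $kind = preg_match('#^[a-z][a-z0-9+.-]*://#i', $to) ? 'url' : 'other';
    // Replace non-printable bytes and cap the length before it reaches the log.
    $safe = substr(preg_replace('/[^\x20-\x7E]/', '?', $to), 0, 120);
    return "rejected to ($kind): $safe";
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['to' => 'sales'],
    ['to' => 'getAllCustCreditCardNums'],
    ['to' => 'http://host.example/file.txt'],
    ['to' => ['x']],
    [],
];
foreach ($samples as $query) {
    $recipient = resolve_recipient($query);
    echo $recipient ?? describe_rejection($query['to'] ?? ''), PHP_EOL;
}
```

Only the first sample resolves to an address; the rest produce a rejection line, with the URL-shaped value tagged `url` so such probes can be counted separately in the error reports.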