You are being directed to the US FBI where your IP address and details will also be logged.
Post 303039193 by Neo on Wednesday 25th of September 2019 10:53:29 PM
OK.. the above logging provides the clue of what the hacker / scanning tool is attempting:

GitHub - ab1gale/phpcms-2008-CVE-2018-19127

Quote:
Recently we found a vulnerability in /type.php of phpcms 2008 source code. When attackers send crafted requests like "/type.php?template=tag_(){};@unlink(FILE);assert($_POST[1]);{//../rss", evil content (in this case "@unlink(FILE);assert($_POST[1]);") will be written into cache file (in this case "/cache_template/rss.tpl.php") on phpcms 2008 website.
This does not affect our site since we do not run phpcms; but it is still interesting to see the non-stop hacking attempts; so in this case it's not "a big deal".. just par for the course on the web.

It's never ending.... keeping a busy web site up and running smoothly.
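
A defensive check for the request pattern quoted above, added here as an example and not part of the original post or the linked repository: it scans combined-format access log lines for `/type.php` requests whose `template` parameter is not a plain identifier, including percent-encoded variants. The log lines, IP addresses and the identifier allowlist are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumption: a legitimate template name is a plain identifier such as "rss".
SAFE_TEMPLATE = re.compile(r'[A-Za-z0-9_-]+')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %2528 and %28 both end up as '('."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return (ip, status, template) for a /type.php request whose template
    parameter is not a plain identifier; return None for everything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not decode_fully(path).lower().endswith("/type.php"):
        return None
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        template = decode_fully(raw)
        if decode_fully(key) == "template" and not SAFE_TEMPLATE.fullmatch(template):
            return m.group("ip"), int(m.group("status")), template
    return None

def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log (documentation IP ranges); the payload is the one quoted above.
PAYLOAD = "tag_(){};@unlink(FILE);assert($_POST[1]);{//../rss"
ENCODED = "tag_%28%29%7B%7D%3B%40unlink%28FILE%29%3Bassert%28%24_POST%5B1%5D%29%3B%7B%2F%2F..%2Frss"
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2019:22:40:01 -0400] "GET /type.php?template=rss HTTP/1.1" 200 512',
    f'203.0.113.9 - - [25/Sep/2019:22:41:13 -0400] "GET /type.php?template={PAYLOAD} HTTP/1.1" 404 196',
    f'203.0.113.9 - - [25/Sep/2019:22:41:14 -0400] "GET /cms/type.php?template={ENCODED} HTTP/1.1" 404 196',
    '198.51.100.7 - - [25/Sep/2019:22:42:30 -0400] "GET /index.php?q=a(b) HTTP/1.1" 200 1024',
]
```

A 404 in a hit means the probe found no such script; a 200 on a host that does run phpcms 2008 warrants inspecting the cache template directory named in the quote.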
 
