We have received a few reports of an attack exploiting the XML-RPC for PHP vulnerability. XML-RPC for PHP is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. When exploited, this could compromise a vulnerable system. Most of these packages should have the XML-RPC for PHP vulnerability fixed in the latest version.

The following xmlrpc.php attempts are seen:

A scan from VirusTotal detects "cback" as:

Another submission from Morten gives a slightly different binary (lupii) that exploits the same vulnerability. We have earlier reported this observation.

Part of the strings in this malware (lupii) is shown below:

User-Agent: Mozilla/4.0 (compatible MSIE 6.0 Windows NT 5.1 )

Luke has done a quick analysis of the assembly code of lupii, which reveals that it listens and communicates on UDP/7111 in the "audp_listen" function (confirmed with netstat). Note that $0x1bc7 (the first argument) is 7111 in decimal.
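A defender's check for the UDP/7111 listener mentioned in this entry, as an added example that is not part of the original write-up: it parses the Linux /proc/net/udp table, where ports are stored in hex (so 7111 appears as 1BC7), and reports any socket bound to that port. The sample table, the function names and the little-endian address decoding are assumptions made for this example.

```python
import socket
from pathlib import Path

LUPII_PORT = 0x1BC7  # 7111 decimal, the UDP port named in the write-up

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20311 2 0000000000000000 0
  214: 00000000:1BC7 00000000:0000 07 00000000:00000000 00:00000000 00000000    33        0 48120 2 0000000000000000 0
  377: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 19877 2 0000000000000000 0
"""


def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 form (assumes a little-endian host)."""
    return socket.inet_ntoa(bytes.fromhex(hex_addr)[::-1])


def find_udp_listeners(table_text, port=LUPII_PORT):
    """Return sockets from /proc/net/udp-style text bound to `port`."""
    hits = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue  # blank or truncated row
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        # IPv4 addresses are 8 hex digits; leave udp6 addresses as raw hex.
        addr = decode_ipv4(hex_addr) if len(hex_addr) == 8 else hex_addr
        hits.append({"addr": addr, "port": port,
                     "uid": int(fields[7]), "inode": int(fields[9])})
    return hits


if __name__ == "__main__":
    for hit in find_udp_listeners(SAMPLE_PROC_NET_UDP):
        print("sample:", hit)
    # On a Linux host, run the same check against the live socket tables.
    for table in ("/proc/net/udp", "/proc/net/udp6"):
        path = Path(table)
        if path.exists():
            for hit in find_udp_listeners(path.read_text()):
                print(f"{table}:", hit)
```

The reported uid and inode identify the owning account and let the socket be matched to a process through the /proc/<pid>/fd links.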