Saw this attack below that appears to be targted at China's popular CMS dedeCMS.
It appears that if this vulnerable page was available and exposed and not patched then the attacker can gain remote access per this blog i read
Above is step 1 in the process which Clears the contents of config_update.php, which is likely an important file for the CMS and if empty now the guards are down on the site.
Then the 2nd step it says is that the attacker will send a similar request that Create local HTTP services like this below.
And your webshell would now live here
and your site is owned.
More about neonprimetime
Top Blogs of all-time
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.