Tuesday, August 9, 2016

hndUnblock.cgi wget calls

GET /hndUnblock.cgi HTTP/1.0
User-Agent: Wget(linux)

I saw this HTTP request in the logs; what could it mean? It appears that in April 2014 there was a Linksys router vulnerability. The web admin interface on these routers provides the hndUnblock.cgi page for administration. This page could be accessed by an attacker, and it apparently contains an OS command injection vulnerability that allows execution of commands against the router. So this attacker is simply running an automated Linux script that calls the wget command and is looking to see if the vulnerable hndUnblock.cgi page exists.
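To check your own logs for the same probe, the sketch below (an added example, not code from the original post) groups requests for hndUnblock.cgi by source IP and separates probes that got an error from ones that were answered with a 2xx. It assumes Apache/nginx "combined" log format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
PROBE_PATH = "/hndunblock.cgi"

def find_probes(lines):
    """Group requests for hndUnblock.cgi by source IP."""
    hits = defaultdict(lambda: {"count": 0, "statuses": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Compare the path only, case-insensitively, ignoring any query string.
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith(PROBE_PATH):
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        h["statuses"].add(int(m["status"]))
        h["agents"].add(m["ua"])
    return dict(hits)

def answered(hits):
    """IPs whose probe got a 2xx: something on our side served that path."""
    return sorted(ip for ip, h in hits.items()
                  if any(200 <= s < 300 for s in h["statuses"]))

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [09/Aug/2016:03:14:07 +0000] "GET /hndUnblock.cgi HTTP/1.0" 404 209 "-" "Wget(linux)"',
    '198.51.100.7 - - [09/Aug/2016:03:14:09 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.22 - - [09/Aug/2016:04:01:55 +0000] "GET /HNDUnblock.cgi?x=1 HTTP/1.0" 200 0 "-" "Wget(linux)"',
    'not a log line',
]

if __name__ == "__main__":
    found = find_probes(SAMPLE)
    for ip, h in sorted(found.items()):
        print(ip, h["count"], sorted(h["statuses"]), sorted(h["agents"]))
    print("answered with 2xx:", answered(found))
```

A 404 on this path means the scanner found nothing; a 2xx is worth following up, since it means a device or application behind that address actually served the page.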

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
