Tuesday, August 9, 2016

stssys.htm wget request

GET /stssys.htm HTTP/1.0
User-Agent: Wget(linux)

Saw this request in the http logs, what could it be? It appears in 2013 TRENDnet Print Server vulnerability that allowed an attacker to reset the printer to factory defaults which would then allow them to set the new IP address. This could be done remotely without authentication by acccessing particular web pages. This attacker is just using the linux wget command to scan the internet and look for vulnerable print servers.

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment