Decode Http Hack Attempt? Home » CentOS » Decode Http Hack Attempt? September 24, 2015 James B. CentOS 2 Comments Can anyone de-cypher the second entry for me? ——————— httpd Begin ———————-
September 24, 2015 James B. CentOS 2 Comments Can anyone de-cypher the second entry for me? ——————— httpd Begin ———————-
In article , James B. Byrne wrote: It appears to be something to do with a PHP framework called ThinkPHP. One of the hits when searching for it is for ThinkPHP on Google Code. Perhaps there is a vulnerability in ThinkPHP, and this access is from a machine scanning for vulnerable sites? Just a guess. I don’t think it has a meaning – it’s just a 128-bit number expressed in hex. Cheers Tony
See: http://code.taobao.org/p/tpbase/diff/2/trunk/ThinkPHP/Library/Think/App.class.php if(!$module) { + if(‘4e5e5d7364f443e28fbf0d3ae744a59a’ == CONTROLLER_NAME) { + header(“Content-type:image/png”); + exit(base64_decode(App::logo())); + } I think it’s way to detect if system is running vulnerable version of ThinkPHP?
2 thoughts on - Decode Http Hack Attempt?
In article, James B. Byrne wrote:
It appears to be something to do with a PHP framework called ThinkPHP. One of the hits when searching for it is for ThinkPHP on Google Code.
Perhaps there is a vulnerability in ThinkPHP, and this access is from a machine scanning for vulnerable sites? Just a guess.
I don’t think it has a meaning – it’s just a 128-bit number expressed in hex.
Cheers Tony
See:
http://code.taobao.org/p/tpbase/diff/2/trunk/ThinkPHP/Library/Think/App.class.php
if(!$module) {
+ if(‘4e5e5d7364f443e28fbf0d3ae744a59a’ == CONTROLLER_NAME) {
+ header(“Content-type:image/png”);
+ exit(base64_decode(App::logo()));
+ }
I think it’s way to detect if system is running vulnerable version of ThinkPHP?