What Exploit Are These User Agents Trying to Use?

I just looked at my user agent tracking page on my site (archived on Yandex) and I noticed these user agents. I believe they are an attempt to exploit my server (Nginx with PHP). The 1 in front of it is just how many times the user agent was seen in the Nginx log. These are also shortened user agents and not long ones like Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36. I no longer have access to the logs as I presume this occurred sometime in January or February (my oldest logs are in March and I created the site in January).



1 Mozilla/5.9}print(238947899389478923-34567343546345);
1 Mozilla/5.9$print(238947899389478923-34567343546345)
1 Mozilla/5.9x22$print(238947899389478923-34567343546345)x22
1 Mozilla/5.9x22];print(238947899389478923-34567343546345);//
1 Mozilla/5.9x22


What exploit was attempted and how can I test to ensure these exploits are not usable?

















exploit webserver web nginx anti-exploitation
















asked 3 hours ago by SenorContento




















2 Answers


















It looks to be trying to exploit some form of command injection. As DarkMatter mentioned in his answer, this was likely a broad attempt to find any vulnerable servers, rather than targeting you specifically. The payload itself appears to just be testing to see if the server is vulnerable to command injection. It does not appear to have any additional purpose.

In order to test if you would be affected by these specific payloads, the easiest way would be to send them to your own server and see how it responds. Note that I only say this because the payloads themselves are benign; I do not recommend doing this with all payloads.

My bet is that your server is not vulnerable, because I would have expected to see a follow-up request to actually exploit your server.







answered 2 hours ago by user52472























It is probably nothing. It seems like the broad spam of a scanner looking across the web for any website that evaluates and returns that subtraction when it shouldn't. It is a pretty common thing to see.







answered 3 hours ago by DarkMatter
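
One way to run the self-test the answers describe, as an added example that is not part of either answer: it replays a logged User-Agent against a server you operate and reports whether the response contains the evaluated difference rather than the raw expression. The sample strings, the function names, and the reading of the page's `x22` as nginx's `\x22` log escape are assumptions.

```python
import re
import urllib.error
import urllib.request

# Constructed samples modelled on the question's list. The page shows "x22";
# reading it as nginx's \x22 log escape for a double quote is an assumption.
SAMPLE_AGENTS = [
    r'Mozilla/5.9$print(238947899389478923-34567343546345)',
    r'Mozilla/5.9\x22];print(238947899389478923-34567343546345);//',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36',
]

# Matches only the arithmetic probe seen on the page: print(<int>-<int>)
PROBE = re.compile(r'print\(\s*(\d+)\s*-\s*(\d+)\s*\)')


def canary(user_agent):
    """Return the number an evaluating server would emit, or None if no probe."""
    m = PROBE.search(user_agent)
    return None if m is None else str(int(m.group(1)) - int(m.group(2)))


def decode_nginx_escapes(logged):
    r"""Turn \xHH escapes from the access log back into the original characters."""
    return re.sub(r'\\x([0-9A-Fa-f]{2})',
                  lambda m: chr(int(m.group(1), 16)), logged)


def body_shows_evaluation(user_agent, body):
    """True if the body holds the computed difference.

    A page that merely echoes the header contains the raw expression,
    not the difference, so reflection alone does not trigger this.
    """
    value = canary(user_agent)
    return value is not None and value in body


def replay(url, logged_agent, timeout=10):
    """Send one logged User-Agent to a server you operate and check the reply."""
    agent = decode_nginx_escapes(logged_agent)
    req = urllib.request.Request(url, headers={'User-Agent': agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # error pages can carry evaluated output too
    return body_shows_evaluation(agent, body.decode('utf-8', 'replace'))


if __name__ == '__main__':
    for ua in SAMPLE_AGENTS:
        print(canary(ua), '<-', ua)
```

Because the site in the question renders stored User-Agent strings on a tracking page, fetch that page after the replay and pass its body to `body_shows_evaluation` as well.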


























