Hi,
I received more than 50 emails from my site with subject line "Possible security attack" and body as shown below:
======================================================
Total impact: 24
Affected tags: xss, csrf
Variable: REQUEST.body | Value: comment2, <a href=\"http://anime2share.com/blowjob/generic-viagr_a-meltabs.html\">samus aran hentai</a>, gecbdw, <a href=\"http://sandrascloset.net/m_in.html\">money coat of arms</a>, 700158, <a href=\"http://intervaluesa.com/a/language/f_naok_o.html\">keira knightley nude</a>, 550, <a href=\"http://www.triggerplus.com/FCKeditor/_testcases/003.html\">orochimaru is the savior</a>, 8-[, <a href=\"http://www.1healthweb.info/1health/wp-register.php\">craiglist antelope valley ca</a>, znml, <a href=\"http://www.fotep.com/search/Dali-Hell-101b.html\">miranda cosgrove gallery</a>, mdp, <a href=\"http://www.triggerplus.com/html-olds/c_ontact.html\">http://www.triggerplus.com/html-olds/c_ontact.html</a>, 930, <a href=\"http://www.fishmaldives.com/_derived/language/in_dex3.html\">yukiko
kimura nude</a>, 3723,
Impact: 12 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Variable: POST.body | Value: comment2, <a href=\"http://anime2share.com/blowjob/generic-viagr_a-meltabs.html\">samus aran hentai</a>, gecbdw, <a href=\"http://sandrascloset.net/m_in.html\">money coat of arms</a>, 700158, <a href=\"http://intervaluesa.com/a/language/f_naok_o.html\">keira knightley nude</a>, 550, <a href=\"http://www.triggerplus.com/FCKeditor/_testcases/003.html\">orochimaru is the savior</a>, 8-[, <a href=\"http://www.1healthweb.info/1health/wp-register.php\">craiglist antelope valley ca</a>, znml, <a href=\"http://www.fotep.com/search/Dali-Hell-101b.html\">miranda cosgrove gallery</a>, mdp, <a href=\"http://www.triggerplus.com/html-olds/c_ontact.html\">http://www.triggerplus.com/html-olds/c_ontact.html</a>, 930, <a href=\"http://www.fishmaldives.com/_derived/language/in_dex3.html\">yukiko
kimura nude</a>, 3723,
Impact: 12 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
REMOTE_ADDR: 94.102.63.90
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/wmalluju/public_html/contact.php
QUERY_STRING:
REQUEST_URI: /contact.php
QUERY_STRING:
SCRIPT_NAME: /contact.php
PHP_SELF: /contact.php
==========================================================
The last email was with a subject like "Security attack was stopped" with body as below:
==========================================================
Total impact: 44
Affected tags: xss, csrf, sqli, id, lfi
Variable: REQUEST.body | Value: comment3, <a href=\"http://muesca.es/visor3dcentro.htm\">schoolgirl virgin</a>, 9979, <a href=\"http://www.dynamicpsy.ro/hukj/language/12_2.html\">girls grabbing girls boobs</a>, :OOO, <a href=\"http://tribbett.org/indexn.html\">milk shakes recipes</a>, 758, <a href=\"http://torec.net/bha/5003.html\">7 up cake recipe</a>, frjpvi, <a href=\"http://jaytv.ch/spiractin/aldactone-sale-online.html\">cuckold creampie</a>, ywi, <a href=\"http://eunhyechung.com/de_au_lt7.html\">secretaria educacion soacha</a>, 1735, <a href=\"http://chinatripadvisor.com/english/help/453.screen.banners.client.html\">young glamour models tgp</a>, 01385, <a href=\"http://www.hohlraumvolumen.de/ki5/10112.html\">true sissy husband stories</a>, 2616,
Impact: 22 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects possible event handlers | Tags: xss, csrf | ID: 32
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Variable: POST.body | Value: comment3, <a href=\"http://muesca.es/visor3dcentro.htm\">schoolgirl virgin</a>, 9979, <a href=\"http://www.dynamicpsy.ro/hukj/language/12_2.html\">girls grabbing girls boobs</a>, :OOO, <a href=\"http://tribbett.org/indexn.html\">milk shakes recipes</a>, 758, <a href=\"http://torec.net/bha/5003.html\">7 up cake recipe</a>, frjpvi, <a href=\"http://jaytv.ch/spiractin/aldactone-sale-online.html\">cuckold creampie</a>, ywi, <a href=\"http://eunhyechung.com/de_au_lt7.html\">secretaria educacion soacha</a>, 1735, <a href=\"http://chinatripadvisor.com/english/help/453.screen.banners.client.html\">young glamour models tgp</a>, 01385, <a href=\"http://www.hohlraumvolumen.de/ki5/10112.html\">true sissy husband stories</a>, 2616,
Impact: 22 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects possible event handlers | Tags: xss, csrf | ID: 32
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
REMOTE_ADDR: 94.102.63.90
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/wmalluju/public_html/contact.php
QUERY_STRING:
REQUEST_URI: /contact.php
QUERY_STRING:
SCRIPT_NAME: /contact.php
PHP_SELF: /contact.php
==============================================================
Is there any problem for the site? It's a new installation. Please advise.
