Is this a revival of a 2003 exploit given as a Shodan dork now with the less known equivalent ZoomEye search engine?
See: searchquery attached as plain txt.
Vulnerable are Cross Web Servers like
About 175,760,923 results2.930 seconds
//var
begin{insertyourcodehere} see attached
142.54.29.202
United States, Luverne
time2018-07-19 00:30
HTTP/1.1 200 OK
Server:Cross Web Server
Content-length: 3233
Content-type: text/html
<html>
<head>
<title>DVR Components Download</title>
<script language='JavaScript' type='text/JavaScript'>
var userAgentString = navigator.userAgent.toLowerCase();
var userPlatform = navigator.platform.toLowerCase();
if(userAgentString.indexOf("windows ce") != -1
|| userAgentString.indexOf("ppc") != -1
|| userAgentString.indexOf("iemobile") != -1
|| userAgentString.indexOf("windows phone") != -1
|| userAgentString.indexOf("msiemobile") != -1
|| (userAgentString.indexOf("htc")!= -1 && userAgentString.indexOf("windows")!= -1))
{
document.location.href = "PcamEn.htm";
}
else if(userAgentString.indexOf("symbianos/9") != -1
|| userAgentString.indexOf("symbianos/3") != -1
|| userAgentString.indexOf("series60/3")!= -1
|| userAgentString.indexOf("series60/4")!= -1
|| userAgentString.indexOf("series60/5")!= -1)
{
document.location.href = "3rd.htm";
}
else if(userAgentString.indexOf("blackberry") != -1)
{
document.location.href = "wapblackberry.html"
}
else if(userAgentString.indexOf("windows nt") != -1
|| userPlatform.indexOf("win32") != -1)
{
//chrome给IE加了个叫chromeframe的插件
if (userAgentString.indexOf("chromeframe") != -1)
{
document.location.href = "
All thanks through the malcode evaluation given inside the Bobby's malzilla_original browser.
nonnumeric port: ....failure not analyzed...
pol
