[WEB SECURITY] Frontpage Exploit - Strange POST Payload

Andrew Simmons asimmons at messagelabs.com
Wed Jun 22 12:05:19 EDT 2005


Ryan Barnett wrote:

> Ehttp://10.10.2.2:191/lsd

[...]

> 
> 3) I am assuming that "/lsd" URI is a file for some form of malware.
> 


Just a thought: there was a group of security researchers in Poland 
(IIRC) who styled themselves "Last Stage of Delirium", often shortened 
to "lsd". They produced a fair number of proof-of-concept exploit code a 
few years ago, though they seem to have been quiet of late.

	http://lsd-pl.net/


On the other hand it might be an entirely unconnected drug reference 
used as a malware name... as with 'morphine', 'opium' et al.


\a

-- 
Andrew Simmons
Technical Security Consultant
MessageLabs

Mobile: +44 (7917) 178745
asimmons at messagelabs.com
  www.messagelabs.com

MessageLabs - Be certain

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list