Post: This is how PSN got hacked!
Options
04-26-2011, 10:26 PM
#1
ciunas
Insert User Title Here
Above is a screenshot of their PSN servers access logs. This log is created on the main server of the PlayStation Network. Likely many of you have no idea what exactly a log would be. Sony itself has this log file are also publicly retrievable through the URL. Mistake number two, perhaps? Here also some interesting logs:
Originally posted by another user
214.1.211.251 - - [15/Apr/2011: 9:40:11 -0700] "GET / OfficeScan / cgi / cgiChkMasterPwd.exe HTTP/1.1" 404 336 "-" "-"
178.202.110.92 - - [22/Apr/2011: 7:05:00 p.m. -0700] "GET / admin / cdr / counter.txt HTTP/1.1" 404 343 "-" "Mozilla/5.0 (compatible; Windows NT 6.1, de; rv: 1.9.2.16) Gecko/20110319 Firefox/3.6.16 "
214.1.211.251 - - [15/Apr/2011: 9:40:09 -0700] "GET / _vti_bin / fpcount.exe? Page = default.htm | Image = 3 | Digits = 15 HTTP/1.0" 404 325 "- "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:51 -0700] "GET / scripts / foxweb.exe / HTTP/1.0" 404 324 "-" "-"
214.1.211.251 - - [15/Apr/2011: 9:39:48 -0700] "GET / phpwebfilemgr / index.php? F =../../../ etc / services HTTP/1.0" 404 328 " - "" - "
178.202.110.92 - - [22/Apr/2011: 7:05:00 p.m. -0700] "GET / admin / cdr / counter.txt HTTP/1.1" 404 343 "-" "Mozilla/5.0 (compatible; Windows NT 6.1, de; rv: 1.9.2.16) Gecko/20110319 Firefox/3.6.16 "
214.1.211.251 - - [15/Apr/2011: 9:40:09 -0700] "GET / _vti_bin / fpcount.exe? Page = default.htm | Image = 3 | Digits = 15 HTTP/1.0" 404 325 "- "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:51 -0700] "GET / scripts / foxweb.exe / HTTP/1.0" 404 324 "-" "-"
214.1.211.251 - - [15/Apr/2011: 9:39:48 -0700] "GET / phpwebfilemgr / index.php? F =../../../ etc / services HTTP/1.0" 404 328 " - "" - "
What we see here again include the use of an FVC, local file inclusion, in the last row. With this is that the ip 214.1.211.251, this is possibly the IP of the attacker. Nor has a number of Javascript injections occurred:
Originally posted by another user
214.1.211.251 - - [15/Apr/2011: 9:39:49 -0700] "GET / board.php? <script> FID = alert (document.cookie) </ script> HTTP/1.0" 404 314 "- "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:38 -0700] "GET / servlet / webacc? User.id ="> <script> alert ('eeye2004'
</ script> HTTP/1.0 " 404 319 "-" "-"
214.1.211.251 - - [15/Apr/2011: 9:39:30 -0700] "GET / modules.php? Name = Reviews & rop = post & title =% 253cscript comment> alert 2528document.cookie%)% 253c/script> HTTP / 1.0 "404 316" - "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:38 -0700] "GET / servlet / webacc? User.id ="> <script> alert ('eeye2004'
</ script> HTTP/1.0 " 404 319 "-" "-"214.1.211.251 - - [15/Apr/2011: 9:39:30 -0700] "GET / modules.php? Name = Reviews & rop = post & title =% 253cscript comment> alert 2528document.cookie%)% 253c/script> HTTP / 1.0 "404 316" - "" - "
It is frightening to know that Sony is so easy to hack, because come on Sony, FVC and Javascript injections? Really? This looks like the work of a 14 year old boy. Thanks to SKFU Blog for the announcement of the log.
You must login or register to view this content.
The following 7 users say thank you to ciunas for this useful post:
:black::\:hitman:
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
