Re: Found this in my logs

From: Matt Scarborough (vexversaat_private)
Date: Wed May 02 2001 - 02:26:09 PDT

Next message: Patrick Cheong Shu Yang: "Re: Backdoor Q access?"

Previous message: Fernando Cardoso: "Re: Found this in my logs"
Next in thread: H D Moore: "Re: Found this in my logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 30 Apr 2001 14:05:41 -0400, Hamid T Ouyachchi <btihtoat_private>
wrote:

>Found this in my IIS logs. I recognize the Unicode exploit attempts,
frontpage
>msdacs stuff. But what is the /mem-bin/ entry about ?

>W3SVC3 [ ]   GET /_mem_bin/..À/..À/winnt/system32/cmd.exe - 404

SiteServer 3.0 using HTML Forms Authentication has for example
webroot/_mem_bin/formslogin.asp
to authenticate members.

Site Server defaults (NT and W2K) have _mem_bin virtual directories with both
executable and script permissions.

Matt 2001-05-02
-- 

____________________________________________________________________
Get free email and a permanent address at http://www.amexmail.com/?A=1

Next message: Patrick Cheong Shu Yang: "Re: Backdoor Q access?"
Previous message: Fernando Cardoso: "Re: Found this in my logs"
Next in thread: H D Moore: "Re: Found this in my logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 02 2001 - 22:25:06 PDT