On Mon, 30 Apr 2001 14:05:41 -0400, Hamid T Ouyachchi <btihtoat_private> wrote: >Found this in my IIS logs. I recognize the Unicode exploit attempts, frontpage >msdacs stuff. But what is the /mem-bin/ entry about ? >W3SVC3 [ ] GET /_mem_bin/..À/..À/winnt/system32/cmd.exe - 404 SiteServer 3.0 using HTML Forms Authentication has for example webroot/_mem_bin/formslogin.asp to authenticate members. Site Server defaults (NT and W2K) have _mem_bin virtual directories with both executable and script permissions. Matt 2001-05-02 -- ____________________________________________________________________ Get free email and a permanent address at http://www.amexmail.com/?A=1
This archive was generated by hypermail 2b30 : Wed May 02 2001 - 22:25:06 PDT