> -----Original Message----- > From: H C [mailto:keydet89at_private] > Sent: 6. prosinac 2002 14:49 > To: incidentsat_private > Subject: Re: A small quandary > > > Paul, > > None of the entries seems overly malicious...actually, > a couple of them are hardly original. From the except > you've provided, it looks as if a scan w/ any one of a > number of scanners was conducted...one that isn't > overly intelligent. So...other than the scan, I don't > see anything particularly malicious. Exactly my words :) > > /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: > > 1 - > > > /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini > > 1 - > > > /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\ > > > > Attempts at dir. transversal on IIS. Only second scan isn't IIS vulnerability - it's mrtg cgi script vulnerability which allows attacker to display arbitrary files. For more info check: http://online.securityfocus.com/bid/4017/info/. It's typical input validation error. Best regards, Bojan Zdrnja ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 09 2002 - 21:56:53 PST