Security Incidents mailing list archives
Re: Scans from udel.edu and tue.nl
From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Thu, 23 Mar 2000 08:36:23 -0800
On Wed, 22 Mar 2000, Alexandru Popa wrote:
Also, can anyone explain what exactly they've been trying to exploit by the percent-full string? It translates to /cgi-bin/query?x=<!--#exec cmd="/usr/bin/id"-->
They're simultaneously checking for vulnerability due to use of SSI and
trying to see what id the webserver is running as. Cute.
What script is /cgi-bin/query in this case?
Ryan
Current thread:
- Scans from udel.edu and tue.nl Jose Nazario (Mar 21)
- Re: Scans from udel.edu and tue.nl Alexandru Popa (Mar 22)
- Re: Scans from udel.edu and tue.nl Jose Nazario (Mar 22)
- 8 hours of pinging & POP2 Paul Tero (ME IT) (Mar 22)
- Re: Scans from udel.edu and tue.nl Ryan Russell (Mar 23)
- R: Scans from udel.edu and tue.nl Gregor Sfiligoj (Mar 22)
- Linux Security slam () THEGRID NET (Mar 22)
- Re: Scans from udel.edu and tue.nl Matthew S. Hallacy (Mar 22)
- <Possible follow-ups>
- Re: Scans from udel.edu and tue.nl Fernando Cardoso (Mar 23)
- Re: Scans from udel.edu and tue.nl Ed Padin (Mar 24)
- Re: Scans from udel.edu and tue.nl Alexandru Popa (Mar 22)