Security Incidents mailing list archives

RE: A small quandary


From: "Bojan Zdrnja" <Bojan.Zdrnja () FER hr>
Date: Mon, 9 Dec 2002 12:02:48 +0100



-----Original Message-----
From: H C [mailto:keydet89 () yahoo com]
Sent: 6 December 2002 14:49
To: incidents () securityfocus com
Subject: Re: A small quandary


Paul,

None of the entries seems overly malicious...actually,
a couple of them are hardly original.  From the excerpt
you've provided, it looks as if a scan w/ any one of a
number of scanners was conducted...one that isn't
overly intelligent.  So...other than the scan, I don't
see anything particularly malicious.

Exactly my words :)

/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:
1 -

/cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini
1 -

/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\


Attempts at dir. traversal on IIS.

Only the second scan isn't an IIS vulnerability - it's an mrtg cgi script
vulnerability which allows an attacker to display arbitrary files.
For more info check: http://online.securityfocus.com/bid/4017/info/.
It's a typical input validation error.


Best regards,

Bojan Zdrnja


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
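
Added example, not part of the original message or of any tool mentioned in it: a small log triage routine that normalizes request URIs like the three quoted above and labels the encoding tricks and traversal they contain. The finding labels and function names are hypothetical, and the sample URIs are constructed from the quoted log lines plus one benign request.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample input: the three request URIs quoted in the message
# above, plus one benign request for contrast.
SAMPLE_URIS = [
    "/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:",
    "/cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini",
    "/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\\\",
    "/index.html",
]

# A 2-byte UTF-8 sequence led by 0xC0/0xC1 encodes a code point below 0x80,
# i.e. an overlong form of an ASCII byte (%c1%9c is an overlong backslash).
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
SYSTEM_PATH = re.compile(r"winnt/(system32/cmd\.exe|win\.ini)")


def fold_overlong(raw: bytes) -> bytes:
    """Replace each overlong 2-byte sequence with the ASCII byte it encodes."""
    return OVERLONG.sub(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)


def classify(uri: str, max_rounds: int = 3) -> set:
    """Return hypothetical finding labels for one logged request URI."""
    findings = set()
    data = uri.encode("latin-1", "replace")
    for round_no in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        if round_no >= 1:  # a second decoding pass still changed the URI
            findings.add("double-encoding")
        data = decoded
    if OVERLONG.search(data):
        findings.add("overlong-utf8")
        data = fold_overlong(data)
    # Treat backslash as a path separator, as Windows does.
    text = data.decode("latin-1").replace("\\", "/").lower()
    if ".." in text.split("/"):
        findings.add("dot-dot-segment")
    if SYSTEM_PATH.search(text):
        findings.add("windows-system-path")
    return findings


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(sorted(classify(uri)) or ["clean"], uri)
```

Comparing the decoded form against the raw form is what separates the three probes: the same normalization, applied before any path check, is the input validation the mrtg and IIS cases lacked.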