Re: Security threat - execute script to show directory

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 06/08/03 

Date: Sun, 8 Jun 2003 07:13:52 -0700

Also - URLscan is quite effective for tossing these out at first parse
--ra

"Robert Moir" <bofh@mvps.org> wrote in message
news:O2dl%23gbLDHA.2756@TK2MSFTNGP10.phx.gbl...
> Richard P. McCann wrote:
> > Folks,
> >
> > Has anyone encountered a hacker who has executed the
> > malicious script listed below and if so come with a
> > solution to prevent it from happening again and still
> > allow "good" scripts to be executed.
> >
> > GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 500
> > 87 0 59 15 - - - - -
>
> These directory traversal attacks are very old and you can get a
"solution"
> of a sort by simply applying all the current updates for your server.
>
> Another thing I always do is to simply move all my IIS stuff off the
> operating system disk to it's own disk, then if someone does successfully
> use a directory traversal trick against my server it hasn't actually got
> anywhere interesting to go.
>
> You could also apply explicit ACLs to stop the accounts IIS uses from
having
> access to senitive areas of your system.
>
>
> --
> --
> Rob Moir
> Microsoft MVP for Windows / Security
> www.robertmoir.co.uk
>
>