Security Incidents: RE: A small quandary

RE: A small quandary

From: Bojan Zdrnja <Bojan.Zdrnja_at_FER.hr>
Date: Mon, 9 Dec 2002 12:02:48 +0100

> -----Original Message-----
> From: H C [mailto:keydet89_at_yahoo.com]
> Sent: 6. prosinac 2002 14:49
> To: incidents_at_securityfocus.com
> Subject: Re: A small quandary
>
>
> Paul,
>
> None of the entries seems overly malicious...actually,
> a couple of them are hardly original. From the excerpt
> you've provided, it looks as if a scan w/ any one of a
> number of scanners was conducted...one that isn't
> overly intelligent. So...other than the scan, I don't
> see anything particularly malicious.

Exactly my words :)

> > /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:
> > 1 -
> > /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini
> > 1 -
> > /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\
> >
>
> Attempts at dir. transversal on IIS.

Only the second scan isn't an IIS vulnerability - it's an mrtg cgi script
vulnerability which allows an attacker to display arbitrary files.
For more info check: http://online.securityfocus.com/bid/4017/info/.
It's a typical input validation error.

Best regards,

Bojan Zdrnja

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Dec 10 2002
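
The three request patterns discussed in this thread, run through a small log classifier. This is an added example, not part of the original posts; the function names and labels are hypothetical, and the last sample URI is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Lead bytes 0xC0/0xC1 are never valid UTF-8: they encode ASCII in overlong form.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

def fold_overlong(data):
    """Map overlong two-byte sequences to the ASCII byte a lenient decoder yields."""
    return OVERLONG.sub(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), data)

def has_dotdot(data):
    """True if any segment, split on / or \\, is exactly '..'."""
    return b".." in re.split(rb"[/\\]", data)

def classify(uri):
    """Return sorted labels describing traversal indicators in a request URI."""
    path, _, query = uri.partition("?")
    once = unquote_to_bytes(path)    # what a single decoding pass sees
    twice = unquote_to_bytes(once)   # what a second, redundant pass sees
    findings = set()
    if OVERLONG.search(once):
        findings.add("overlong-utf8")      # e.g. %c1%9c folds to a backslash
    if twice != once:
        findings.add("double-encoding")    # e.g. %252e -> %2e -> "."
    if has_dotdot(fold_overlong(twice)):
        findings.add("path-traversal")
    if has_dotdot(unquote_to_bytes(query)):
        findings.add("query-traversal")    # e.g. the mrtg.cgi cfg= parameter
    return sorted(findings)

# First three URIs are the ones quoted in the thread; the last is constructed.
SAMPLE = [
    "/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:",
    "/cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini",
    r"/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\",
    "/docs/report..final.pdf?page=2",
]

if __name__ == "__main__":
    for uri in SAMPLE:
        print(classify(uri) or ["clean"], uri)
```

The labels separate the two IIS path-decoding probes from the mrtg.cgi request, where the traversal sits in a query parameter rather than in the path.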
