[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Odd log code

Subject: Re: [cobalt-users] Odd log code
From: flash22@xxxxxxx
Date: Sat Apr 7 03:50:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Sat, 7 Apr 2001, Rodrigo Velasco wrote:

> Hi again,
> 
> I've found the following lines in my last log from my Cobalt4i, I don't
> really know if it means something important, but looks to me how somebody
> was trying to use a sort of script on my server:
> 
> ns.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET
> /scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
> nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 308 "-" "-"

It provides administrator level access on an old unpatched nt server
running IIS ;) It just wastes logfile space on a non-nt machine...

Search the security sites for 'unicode hack'
(Yes it was a hack attempt ;)

gsh

References:
- [cobalt-users] Odd log code
  - From: Rodrigo Velasco

Prev by Date: [cobalt-users] Cube2 Can't locate cgi-lib.pl
Next by Date: RE: [cobalt-users] Cobalt user chatroom????
Previous by thread: Re: [cobalt-users] Odd log code
Next by thread: [cobalt-users] Installing Openssl and Openssh on Raq4

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index