RE: iis log file

  • From: "Quillman Shawn (RBNA/CIT5)" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 9 Apr 2002 11:00:24 -0500

Yes, depending on what patch level IIS is at.  That's a URL that would make
use of a vulnerability in IIS allowing the user to run commands on the
server.  Make sure you've got your server patched to the latest rev.

-Shawn

-----Original Message-----
From: Paul [mailto:paul@xxxxxxxx]
Sent: Tuesday, April 09, 2002 11:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] iis log file




Hi,

I found the following line in my IIS log. What is the meaning of "/scripts/..=C0%9v../" and "../winnt/system32/cmd.exe /c+dir"? Should I be concerned?

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-04-07 01:21:37
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs-host cs(User-Agent) cs(Referer)

2002-04-07 22:26:16 134.96.53.47 - 192.168.1.42 80 GET /scripts/..=C0%9v../..=C0%9v../..=C0%9v../winnt/system32/cmd.exe /c+dir 404 - - -

Paul
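
As an added example (not part of the original thread): a small Python scan of IIS W3C extended logs that uses the #Fields header from the log above to locate cs-uri-stem and sc-status, flags requests that combine ".." traversal with cmd.exe or a system directory, and separates refused requests from ones that need a closer look. The third log entry and the status-based triage rule are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote

# Sample W3C extended log. The first entry is copied as it appears in the post;
# the other two entries are constructed for this example.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs-host cs(User-Agent) cs(Referer)
2002-04-07 22:26:16 134.96.53.47 - 192.168.1.42 80 GET /scripts/..=C0%9v../..=C0%9v../..=C0%9v../winnt/system32/cmd.exe /c+dir 404 - - -
2002-04-07 22:30:02 192.0.2.10 - 192.168.1.42 80 GET /default.htm - 200 - - -
2002-04-07 22:31:40 192.0.2.77 - 192.168.1.42 80 GET /scripts/..=C0%9v../..=C0%9v../..=C0%9v../winnt/system32/cmd.exe /c+dir 200 - - -
"""

TRAVERSAL = re.compile(r"\.\.")
TARGET = re.compile(r"cmd\.exe|/winnt/|/system32/", re.IGNORECASE)

def decode_fully(stem, rounds=3):
    """Percent-decode repeatedly; malformed escapes such as %9v are left as-is."""
    for _ in range(rounds):
        decoded = unquote(stem, encoding="latin-1")
        if decoded == stem:
            break
        stem = decoded
    return stem.replace("\\", "/")

def scan(log_text):
    """Return (client_ip, status, verdict) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = decode_fully(row.get("cs-uri-stem", ""))
        if TRAVERSAL.search(stem) and TARGET.search(stem):
            status = row.get("sc-status", "")
            # Triage rule (assumption of this example): a 4xx status means the
            # server refused the request; any other status needs follow-up.
            verdict = "rejected" if status.startswith("4") else "investigate host"
            hits.append((row.get("c-ip"), status, verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
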




