I saw these lines on my server log:
/samples/winnt/system32/cmd.exe?/c+dir HTTP Response 302
/scripts/winnt/system32/cmd.exe?/c+dir HTTP Response 302
/cgi-bin/winnt/system32/cmd.exe?/c+dir HTTP Response 302
/vti_bin/winnt/system32/cmd.exe?/c+dir HTTP Response 302
/samples/winnt/system32/cmd.exe?/c+dir HTTP Response 302
/vti_cnf/winnt/system32/cmd.exe?/c+dir HTTP Response 302
/vti_bin/winnt/system32/cmd.exe?/c+dir HTTP Response 302
Apparently, a bad guy was trying to probe on old vulnerabilities of IIS. The bad guy was not very professional. He should have performed web server OS fingerprinting before launching the probe.
No comments:
Post a Comment