Preface: HTTP CGI data contains ../../../..Logo -Internet Security Systems

HTTP CGI data contains ../../../..
advICE :Intrusions : 2000609
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Possible intrusion.

Details

The data passed to a URL has a suspicious pathname containing ../../../..; this path might be used to access privileged files. The attacker tries to move up the directory tree to access files in other directories which would not otherwise be accessible.

Some Web applications use pathnames containing ../../../.. legitimately. You should examine the URL and the GET argument to see if they are valid, or if it is an attempt to access privileged data. If the pathname within the GET argument is an access to privileged data, and the accessed parameter indicates the access was successful, you should consider your data to have been compromised.

 more information
BugtraqID: 2385   Thinking Arts ES.One Directory Traversal Vulnerability
 
BugtraqID: 2367   HIS software Auktion 1.62 Transversal Vulnerability
 
BugtraqID: 2362   SilverPlatter WebSPRIRS File Disclosure Vulnerability
 
BugtraqID: 1650   Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability
 
BugtraqID: 1587   Netwin Netauth Directory Traversal Vulnerability
 
BugtraqID: 1455   BB4 Technologies Big Brother Directory Traversal Vulnerability
 
BugtraqID: 1335   3R Soft MailStudio 2000 Multiple Vulnerabilities
 
BugtraqID: 1243   HP Web JetAdmin Directory Traversal Vulnerability
 
BugtraqID: 1102   TalentSoft Web+ Directory Traversal Vulnerability
 
BugtraqID: 1052   Sojourn File Access Vulnerability
A URL of the form "http://target/cgi-bin/sojourn.cgi?cat=../../../../../../etc/passwd%00" cam retrieve any file in the system  
BugtraqID: 1040   StarOffice StarScheduler Arbitrary File Read Vulnerability
A URL of the form "http://starscheduler_server:801/../../../../etc/shadow" can retrieve any file in the system  
BugtraqID: 896   AltaVista Search Engine Directory Traversal Vulnerability
 
BugtraqID: 879   Novell GroupWise HELP Vulnerabilities
A URL of the form "/cgi-bin/gw5/gwweb.exe?HELP=../../../../secret.htm" can retrieve any file in the system  
BugtraqID: 167   NT IIS Showcode ASP Vulnerability
ShowCode plus many ../.. in the path can retrieve any file in the system.  
CVE-2000-0039   AltaVista query.cgi dotdot
 
CVE-1999-0149   IRIX wrap CGI dotdot
 
L0pht Advisory on showcode.asp  
 
Bugtraq: IRIX 6.x /cgi-bin/wrap bug  
An example exploit that will trigger this intrusion alert.  

 parametric information
URLThe suspicious URL.
accessedIndicates whether the URL was successfully accessed.
codeThe HTTP return code.
argThe argument to the GET command (if any).

 configuration for this item
http.dotdotpath../../../..An intrusion detection is triggered if the path name contains this substring.

 
Version appeared:
Privacy Policy |  Copyright Info