You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/08/26 23:01:55 UTC
DO NOT REPLY [Bug 12054] New: -
My Money count in the access.log !!!
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12054>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12054
My Money count in the access.log !!!
Summary: My Money count in the access.log !!!
Product: Apache httpd-2.0
Version: 2.0.35
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Major
Priority: Other
Component: All
AssignedTo: bugs@httpd.apache.org
ReportedBy: rouxdenis@wanadoo.fr
I have an apache server running on my PC.
This is what I found in the log file :
80.15.34.172 - - [24/Aug/2002:12:31:53 +0100] "GET /scripts/..%
252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 263
Just before the full edition of my count in text edition.
Every page was listed.
I have no /scripts directory on my server, it seems that kind of attack
was not risky for an Apache server...
Or maybe was it just a bug, the page printed on screen ended down it his file?
Does someone know what it is?
Thanks
DEN
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org