[Dshield] GET image.jpg vulnerability

Coxe, John B. JOHN.B.COXE at saic.com
Mon Jul 15 22:25:42 GMT 2002


This is likely to be the case of a previous holder of his address (or a
mistyped address) running a webcam.  The Axis series of webcams publish with
that filename.  Others may also.  Perhaps a perv was looking in to see waht
was currently up at the other house?  Or it could be someone trawling for
webcams on his ISP.

-----Original Message-----
From: Jonathan G. Lampe [mailto:jonathan at stdnet.com]
Sent: Monday, July 15, 2002 1:19 PM
To: list at dshield.org
Subject: Re: [Dshield] GET image.jpg vulnerability


Useful information here might include the "REFERER" field (hopefully) 
logged by your web server. With that piece of info, you may be able to 
figure out if this is a "legitimate" piece of traffic (sent over by a 
search engine?) or someone fat-fingering into your computer.

My $.02...kind of looks like some admin's discount file sharing 
mechanism..."I'll post a screenshot on my web server...download it 
here."  Probably a GOOD thing for your IDS to be looking for!  (Also, did 
it 404 or 20x on you?)

-jgl

At 02:21 PM 7/15/2002, you wrote:
>This was caught by my IDS yesterday:
>
>GET /image640x480.jpg HTTP/1.1
>
>Just this, from an address somewhere in Germany. Is there a vulnerability 
>associated with this that I'm not aware of? I do not run a public web
server.

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list