[Dshield] New http exploit?

David Taylor ltr at isc.upenn.edu
Mon Oct 24 14:03:52 GMT 2005


There was a handler's diary that referred to PUT /ownz.htm back in September
2004. 

http://isc.sans.org/diary.php?date=2004-09-20


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of M Cook
Sent: Monday, October 24, 2005 8:07 AM
To: list at lists.dshield.org
Subject: [Dshield] New http exploit?


I think this is the first time I've seen this (on our web server). Is it 
new?

Client address: 85.98.164.95
Request: PUT /ownz.htm
Referer: -
Cookie: -
Status code: Forbidden (403)
Received: 231 bytes
Sent: 4118 bytes
Time taken: 547
Time: 10/23/2005 3:24:37 PM EDT
User agent: Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1

Other clients doing this are 81.214.177.72 and 85.98.81.65.

Another similar is

Client address: 85.98.164.116
Request: PUT /own3d.htm
Referer: -
Cookie: -
Status code: Forbidden (403)
Received: 236 bytes
Sent: 4118 bytes
Time taken: 1891
Time: 10/19/2005 5:42:44 AM EDT
User agent: Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1
_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list