[Dshield] New http exploit?

Bo Nordgren bo at nordgren.net
Mon Oct 24 14:05:37 GMT 2005


On Mon, 24 Oct 2005 08:06:30 -0400, M Cook wrote
> I think this is the first time I've seen this (on our web server). Is it 
> new?

> Request: PUT /ownz.htm

From this line it looks like it might be a low-level scan for people who have no clue
how to configure their server. It would be nice to see the file they are trying to upload
to see what hole they are trying to get to on the server.

There are actually people who allow public PUT on their servers so this scan follows the
same reasoning as the SSH scans that hit port 22 from time to time.
If you check 100.000 servers there is a big chance that at least one of them is badly
configured.

// Bo
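
One way to check a server's own access log for the situation this reply describes, as an added example that is not part of the original thread: it separates PUT requests the server rejected from those it accepted with a 2xx status, and lists accepted paths that were afterwards served back. The Apache combined log format and all sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Oct/2005:08:01:12 -0400] "PUT /ownz.htm HTTP/1.0" 405 312 "-" "-"
192.0.2.10 - - [24/Oct/2005:08:01:13 -0400] "GET /ownz.htm HTTP/1.0" 404 289 "-" "-"
198.51.100.7 - - [24/Oct/2005:09:14:40 -0400] "PUT /test.txt HTTP/1.1" 201 0 "-" "-"
198.51.100.7 - - [24/Oct/2005:09:14:41 -0400] "GET /test.txt HTTP/1.1" 200 14 "-" "-"
203.0.113.5 - - [24/Oct/2005:10:02:03 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield (ip, method, path, status) for every line that matches the format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["method"], m["path"], int(m["status"])

def find_put_attempts(log_text):
    """Return (accepted, rejected) lists of (ip, path, status) for PUT requests."""
    accepted, rejected = [], []
    for ip, method, path, status in parse(log_text):
        if method != "PUT":
            continue
        # A 2xx reply means the server stored the body: public PUT is enabled.
        (accepted if 200 <= status < 300 else rejected).append((ip, path, status))
    return accepted, rejected

def confirmed_uploads(log_text):
    """Paths accepted via PUT and served with 200 by a later GET."""
    stored, served = set(), set()
    for _, method, path, status in parse(log_text):
        if method == "PUT" and 200 <= status < 300:
            stored.add(path)
        elif method == "GET" and status == 200 and path in stored:
            served.add(path)
    return sorted(served)

if __name__ == "__main__":
    accepted, rejected = find_put_attempts(SAMPLE_LOG)
    print("rejected PUT (scan noise):", rejected)
    print("accepted PUT (misconfiguration):", accepted)
    print("uploaded and served back:", confirmed_uploads(SAMPLE_LOG))
```

Rejected PUTs are background scanning; any accepted PUT from an unauthenticated source means the write method should be disabled or restricted and the stored file reviewed.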
