Top 20 directory traversals

**ntsa** · June 18th, 2002, 02:15 PM

I store all of my IIS server logs in SQL tables. This has the benefit of being able to run SQL queries against log data. So for my general amusement I created a top 20 query of directory traversals.

Sort of like 'america's dumbers hackers'

(j/k btw - most of them are UK based)

So here, for your viewing pleasure

, is the list of the top 20 directory traversal style attacks against my box. If you run M$ IIS it's worth testing these against _YOUR_OWN_ box.

Don't test them on my servers because I will write a stern letter to your ISP (see here ) <manical_laugh>heh</manical_laugh>.

**ntsa** · June 18th, 2002, 02:17 PM

Nope, I take it all back...This bloke wins 'America's dumbest hacker':

http://1270.0.1/cgi-bin/formmail.cgi/email=lafam&subject=www%2Emarkapwatts%2Eco%2Euk%2Fcgi%2Dbin%2Fformmail%2Ecgi&recipient=puil%40aol%2Ecom&msg=Formmail_Found!

I should leave a note out for all skript kiddies:
"To all script kiddies - Can I have your email address please - thanks."
You never know - it might just catch on!

***souleman*** · June 18th, 2002, 02:30 PM

set up a script so when anyone trys a traversal, it pops up a page saying "please enter your email and ip addy for access"

**8*B@LL** · June 20th, 2002, 11:31 PM

Originally posted here by souleman
set up a script so when anyone trys a traversal, it pops up a page saying "please enter your email and ip addy for access"

sure that would be funny(cause it would probably work alot of the time), but most if the SK's wouldn't know how to get their ip, or possibly even what it is.

i would just put an email prompt then see how many of em are valid

Thread: Top 20 directory traversals

Thread Tools

Display

Top 20 directory traversals

Posting Permissions