Top 20 directory traversals

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    324

    Top 20 directory traversals

    I store all of my IIS server logs in SQL tables. This has the benefit of being able to run SQL queries against log data. So for my general amusement I created a top 20 query of directory traversals.

    Sort of like 'America's dumbest hackers' (j/k btw - most of them are UK based)

    So here, for your viewing pleasure, is the list of the top 20 directory traversal style attacks against my box. If you run M$ IIS it's worth testing these against _YOUR_OWN_ box.

    Don't test them on my servers because I will write a stern letter to your ISP (see here) <manical_laugh>heh</manical_laugh>.

    "I may not agree with what you say, but I will defend to the death your right to say it."
    Sir Winston Churchill.
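
A sketch of the kind of top-20 query described in the first post, as an added example that is not the poster's own query. It assumes a table named `iis_log` with columns named after the W3C log fields `c-ip`, `cs-uri-stem` and `sc-status`, uses SQLite in place of the poster's database, and runs over constructed sample rows; the hypothetical `is_traversal` helper peels repeated URL encoding before looking for a `..` path segment, so encoded variants are counted too.

```python
import re
import sqlite3
from urllib.parse import unquote

def is_traversal(uri):
    """Return 1 if the path has a '..' segment once all encoding layers are removed."""
    prev, cur = None, uri or ""
    for _ in range(5):  # bounded loop: peels %2e, %5c and double encoding (%255c)
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return int(".." in re.split(r"[/\\]+", cur))

# Constructed sample rows (documentation-range IPs), not real log data.
SAMPLE_ROWS = [
    ("192.0.2.10", "/scripts/..%255c../winnt/win.ini", 404),
    ("192.0.2.10", "/scripts/..%255c../winnt/win.ini", 404),
    ("198.51.100.7", "/scripts/..%255c../winnt/win.ini", 404),
    ("198.51.100.7", "/msadc/%2e%2e/%2e%2e/winnt/win.ini", 404),
    ("198.51.100.7", "/msadc/%2e%2e/%2e%2e/winnt/win.ini", 404),
    ("203.0.113.5", "/scripts/../../winnt/win.ini", 403),
    ("203.0.113.5", "/index.html", 200),
    ("192.0.2.44", "/docs/v1..2/notes.htm", 200),  # dots inside a name: benign
]

# Assumed schema: table iis_log with columns c_ip, cs_uri_stem, sc_status.
TOP_QUERY = """
SELECT cs_uri_stem, COUNT(*) AS hits, COUNT(DISTINCT c_ip) AS sources
FROM iis_log
WHERE is_traversal(cs_uri_stem)
GROUP BY cs_uri_stem
ORDER BY hits DESC, cs_uri_stem
LIMIT ?
"""

def top_traversals(rows, limit=20):
    """Load rows into an in-memory table and return the top traversal requests."""
    db = sqlite3.connect(":memory:")
    db.create_function("is_traversal", 1, is_traversal)
    db.execute("CREATE TABLE iis_log (c_ip TEXT, cs_uri_stem TEXT, sc_status INTEGER)")
    db.executemany("INSERT INTO iis_log VALUES (?, ?, ?)", rows)
    result = db.execute(TOP_QUERY, (limit,)).fetchall()
    db.close()
    return result

if __name__ == "__main__":
    for stem, hits, sources in top_traversals(SAMPLE_ROWS):
        print(f"{hits:4d} hits  {sources:2d} sources  {stem}")
```

The `sources` column separates one noisy scanner from a pattern seen from many addresses.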

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    324
    Nope, I take it all back...This bloke wins 'America's dumbest hacker':

    http://1270.0.1/cgi-bin/formmail.cgi/email=lafam&subject=www%2Emarkapwatts%2Eco%2Euk%2Fcgi%2Dbin%2Fformmail%2Ecgi&recipient=puil%40aol%2Ecom&msg=Formmail_Found!
    I should leave a note out for all skript kiddies:
    "To all script kiddies - Can I have your email address please - thanks."
    You never know - it might just catch on!
    "I may not agree with what you say, but I will defend to the death your right to say it."
    Sir Winston Churchill.

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Set up a script so when anyone tries a traversal, it pops up a page saying "please enter your email and ip addy for access"
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    Originally posted here by souleman
    Set up a script so when anyone tries a traversal, it pops up a page saying "please enter your email and ip addy for access"
    Sure, that would be funny (cause it would probably work a lot of the time), but most of the SKs wouldn't know how to get their IP, or possibly even what it is.

    I would just put an email prompt then see how many of em are valid
    -8-

    There are 10 types of people in this world: those who understand binary, and those who don't.
