'; echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "www.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "www.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "www.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "www.hp-telecom.com") { echo ''; echo 'hp-telecom'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

HTTP Attack (Attack ID:301838)

Release Date:2009-09-27

Attack Name:Sensepost.exe command shell attempt

OS Type:Window

Application Type:Others

Severity:Warning

BUG ID

CVE ID

 

Description


A vulnerability associated Microsoft Internet Information Services (IIS) servers allows an attacker to escape the web root directory (inetpub) permitting navigation to unauthorized directories. This vulnerability is exploitable by encoding characters in unicode because unauthorized directory traversal is not examined after the unicode decoding. A widely available script exploits this vulnerability and copies the \winnt\system32\cmd.exe file to \inetpub\scripts\sensepost.exe, essentially allowing an attacker to execute arbitrary commands on the vulnerable host even after the patch has been applied.

Impact:

Remote access. This attack may permit the execution of arbitrary commands on the vulnerable server.

Affected Systems:

Microsoft IIS v4.0, v5.0
Additional References:

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
http://cgi.nessus.org/plugins/dump.php3?id=11003

 

Solution

Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.