我在IIS 7.5服务器上集成了elmah .net应用程序。偶尔,elmah会显示一个包含错误网址的400和404错误字符串:
Path_Info : /level/7/exec/-/".<EEYE_2009_XSS_TAG>
Path_Info : /index.php/Special:Version
Path_Info : /loyalty_enu/start.swe/>"><script>alert('XSS')</script>
Path_Info : /IISADMPWD/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /msadc/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /pls/sample/admin_/help/..%5cplsql.conf
Path_Info : /_vti_bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /scripts/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
发生这些错误时没有用户登录,并且代码没有理由使用这些网址扩展名。
我的理论是: - 安全软件(Mcafee)正在检查安全漏洞/运行更新 - Windows更新正在导致此问题 - 有人试图破解应用程序/服务器。
有什么想法吗?