I see some of the web server error logs are incomplete; i.e. the Error Description logged is not complete with the full error stack trace, and user agent and user address and referrer are missed. It is cut somewhere in the middle of stack trace. These error logs look like XSS attempts that were caught (A potentially dangerous Request). I think I have read somewhere that due to an IIS flaw this can happen and the attacker can try to mess up with webserver error logging. Can anyone give some details on it? Here is an example of an incomplete error log (the URL decodes to http://ift.tt/1zrst6f Bad Gateway</title></head><body bgcolor=) :
Error occured on: http://ift.tt/1JdzyIM
Error Description: System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (aspxerrorpath="...tine-Tile/
Aucun commentaire:
Enregistrer un commentaire