我在 IIS 7.5 服务器上将 elmah 与 .net 应用程序集成。有时,elmah 会显示带有非常错误的 url 的 400 和 404 错误字符串:
Path_Info : /level/7/exec/-/".<EEYE_2009_XSS_TAG>
Path_Info : /index.php/Special:Version
Path_Info : /loyalty_enu/start.swe/>"><script>alert('XSS')</script>
Path_Info : /IISADMPWD/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /msadc/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /pls/sample/admin_/help/..%5cplsql.conf
Path_Info : /_vti_bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
Path_Info : /scripts/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
发生这些错误时没有用户登录,代码没有理由使用这些 url 扩展名。
我的理论是: - 安全软件 (Mcafee) 正在检查安全漏洞/运行更新 - Windows 更新导致此问题 - 有人试图破解应用程序/服务器。
有任何想法吗?