Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 3 of 3

Threaded View

  1. #1
    Join Date
    April 2006
    Location
    Germany
    Posts
    8

    Exclamation Directory Traversal?!

    Hey guys,

    I came along this in my logfile and for me it doesn't look really nice. Has some directory traversal bug/exploit flavour, but I am not sure, just have a look

    Code:
    2009-12-26 14:12:33.463073|INFO    |ServerLibPriv |   | Server Version: 3.0.0-beta9 [Build: 9527]
    2009-12-26 14:12:33.473768|INFO    |DatabaseQuery |   | dbPlugin name:    SQLite3 plugin, (c)TeamSpeak Systems GmbH
    2009-12-26 14:12:33.473842|INFO    |DatabaseQuery |   | dbPlugin version: 3.6.21
    2009-12-26 14:12:33.629539|INFO    |Accounting    |   | Licensing Information
    2009-12-26 14:12:33.630218|INFO    |Accounting    |   | type              : Non-profit
    2009-12-26 14:12:33.630688|INFO    |Accounting    |   | starting date     : Mon Dec 21 00:00:00 2009
    2009-12-26 14:12:33.631013|INFO    |Accounting    |   | ending date       : Tue Dec 21 00:00:00 2010
    2009-12-26 14:12:33.631330|INFO    |Accounting    |   | max virtualservers: 10
    2009-12-26 14:12:33.631752|INFO    |Accounting    |   | max slots         : 512
    2009-12-26 14:12:33.650990|INFO    |FileManager   |   | listening on 18x.xxx.xxx.xxx:20001
    2009-12-26 14:12:33.703826|INFO    |VirtualServer |  1| listening on 18x.xxx.xxx.xxx:20002
    2009-12-26 14:12:33.704254|INFO    |Query         |   | listening on 18x.xxx.xxx.xxx:20000
    2009-12-26 14:17:30.750039|INFO    |VirtualServer |  1| permission 'b_client_is_priority_speaker'(id:20621) was deleted by 'Frazze'(id:2) for client (id:2) and channel 'Lobby'(id:1)
    2009-12-27 08:36:04.707644|INFO    |Query         |   | query from 94.75.219.97:8 issued: POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%
    2009-12-27 08:36:04.760438|INFO    |Query         |   | query from 94.75.219.97:8 issued: TE: deflate,gzip;q=0.3
    2009-12-27 08:36:04.760805|INFO    |Query         |   | query from 94.75.219.97:8 issued: Keep-Alive: 300
    2009-12-27 08:36:04.761187|INFO    |Query         |   | query from 94.75.219.97:8 issued: Connection: Keep-Alive, TE
    2009-12-27 08:36:04.761569|INFO    |Query         |   | query from 94.75.219.97:8 issued: Host: 18x.xxx.xxx.xxx:20000
    2009-12-27 08:36:04.761929|INFO    |Query         |   | query from 94.75.219.97:8 issued: User-Agent: Conf
    

    I wanted to ask if some of you guys have found the same in your log files or anyone has an idea...

    This happened with Debian Lenny 64 Bit and Beta 9 (now updating to beta 10).
    Strange thing is, I am not even using a standart port and there are none users who would know of the ports or have the basic knowledge of how to use telnet....


    Edit: I noticed more of these strange strings in earlier logs, issued by diffent IP's, but allways using port 8 as client-port, any ideas?
    Last edited by Frazze; December 29th, 2009 at 01:58 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. No such file or directory
    By smartino84 in forum Linux / FreeBSD
    Replies: 3
    Last Post: September 21st, 2012, 10:05 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •