I saw something unusual today in a context buffer for the "IIS .. Execute bug". The beginning was normal but then it got strange. This is the strange part:
"/ping.exe?/c+-t+127.0.0.1+-i+0"
I realize it was setting ping parameters but the packet destination was our off-site corporate website and the source was from my co-worker. He did not go to that site, nor did he ping his own box. Here is the full context buffer:
"/scripts/%c0%af..%c0%af..%c0%af../winnt/system32/ping.exe?/c+-t+127.0.0.1+-i+0 HTTP/1.1"
I was hoping someone could give an explanation for this as I'm stumped.
Thanks, Megan