I have several domain controllers and run weekly authenticated scans with pretty much a straight forward standard scan. For some reason, this scan compels whichever DC is being scanned at the time, to scan a web server in our DMZ.
Examples (from Domain Controller to DMZ Webserver):
- GET /level/42/exec/- HTTP/1.0
- GET /cgi-bin/webboard/generate.cgi/?content=../../../../../../../../boot.ini.&board=board_1 HTTP/1.0
I'm using the Cloud Agent now so hopefully this will stop, but I'm still curious why this is happening.
Thanks for anyone who can shed some light on this.