httpd-dev mailing list archives

From dave madden <...@paradigm.webvision.com>
Subject imagemap hacks
Date Fri, 09 Aug 1996 18:14:32 GMT
I just noticed somebody at [204.165.216.2] (Fitchburg State College)
sending GET requests with some binary garbage in the PATH_INFO...does
anybody know offhand of any well-known vulnerabilities in
Apache-1.0.5?  Here are the access log lines, with hexdumps of the
garbage.

204.165.216.2 - - [09/Aug/1996:06:16:43 -0700] "GET / HTTP/1.0" 200 4678
204.165.216.2 - - [09/Aug/1996:06:17:04 -0700] "GET /images/menubar.map/Mgs6Ow HTTP/1.0" 302 -
204.165.216.2 - - [09/Aug/1996:06:17:04 -0700] "GET /images/menubar.map/[garbage] HTTP/1.0" 302 -

0000000 2666 afd5 c447 872b 4814 225a e697 da58
0000020 a187 a889 c8f1 2853 3aca dc43 4329 c802
0000040 1606 5194 d921 046a 40fe 6a63 ce5c d082
0000060 49ea ec5b 56c3

204.165.216.2 - - [09/Aug/1996:06:17:05 -0700] "GET /images/menubar.map/[garbage] HTTP/1.0" 302 -

0000000 822f 2666 afd5 c447 872b 4814 225a e697
0000020 da58 a187 a889 c8f1 2853 3aca dc43 4329
0000040 c802 1606 5194 d921 046a 40fe 6a63 ce5c
0000060 d082 49ea ec5b 56c3

204.165.216.2 - - [09/Aug/1996:06:17:05 -0700] "GET /images/menubar.map/[garbage] HTTP/1.0" 302 -

0000000 822f 5196 f6e6 6ef6 b62f 822f 2666 afd5
0000020 c447 872b 4814 225a e697 da58 a187 a889
0000040 c8f1 2853 3aca dc43 4329 c802 1606 5194
0000060 d921 046a 40fe 6a63 ce5c d082 49ea ec5b
0000100 56c3

204.165.216.2 - - [09/Aug/1996:06:17:05 -0700] "GET /images/menubar.map/[garbage] HTTP/1.0" 302 -

0000000 822f 5196 f6e6 6ef6 b62f 822f 0818 090f
0000020 2f82 2f51 96f6 e66e f6b6 2f82 2f26 66af
0000040 d5c4 4787 2b48 1422 5ae6 97da 58a1 87a8
0000060 89c8 f128 533a cadc 4343 29c8 0216 0651
0000100 94d9 2104 6a40 fe6a 63ce 5cd0 8249 eaec
0000120 5b56 c300

d.
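
Added example, not part of the original message: one way to pick requests like these out of a Common Log Format access log, by measuring how much of the PATH_INFO after a `.map` file lies outside printable ASCII. The sample lines, addresses, payload bytes and the 0.3 threshold are constructed assumptions.

```python
import re

# Common Log Format: host ident user [time] "request" status bytes.
# The request group is greedy so a raw 0x22 (") inside the path does not end it.
CLF = re.compile(rb'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+\s*$', re.S)

def path_info(request, marker=b".map/"):
    """Return the bytes after the first '.map/' in the request target, or None."""
    parts = request.split(b" ", 1)
    if len(parts) != 2:
        return None
    target = parts[1]
    head, _, tail = target.rpartition(b" ")
    if tail.startswith(b"HTTP/"):      # drop the trailing protocol token
        target = head
    idx = target.find(marker)
    return None if idx == -1 else target[idx + len(marker):]

def non_printable_ratio(data):
    """Fraction of bytes outside printable ASCII (0x20-0x7e)."""
    if not data:
        return 0.0
    return sum(b < 0x20 or b > 0x7e for b in data) / len(data)

def suspicious_requests(lines, threshold=0.3):
    """Return (host, status, path_info_length, ratio) for binary-looking PATH_INFO."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        host, request, status = m.groups()
        info = path_info(request)
        if info is None:
            continue
        ratio = non_printable_ratio(info)
        if ratio >= threshold:         # threshold is an assumed cut-off
            hits.append((host.decode("ascii", "replace"), int(status), len(info), ratio))
    return hits

# Constructed sample lines (documentation addresses, made-up payload bytes).
SAMPLE = [
    b'192.0.2.10 - - [09/Aug/1996:06:16:43 -0700] "GET / HTTP/1.0" 200 4678',
    b'192.0.2.10 - - [09/Aug/1996:06:17:04 -0700] "GET /images/menubar.map/Mgs6Ow HTTP/1.0" 302 -',
    b'192.0.2.10 - - [09/Aug/1996:06:17:04 -0700] "GET /images/menubar.map/\x81\x22\xfe \xc3\x07A\x90 HTTP/1.0" 302 -',
    b'192.0.2.20 - - [09/Aug/1996:06:18:00 -0700] "GET /images/menubar.map?120,45 HTTP/1.0" 302 -',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

Read the log in binary mode (`rb`) so the raw bytes reach the regex unchanged.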
