httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Sussman <mydd...@vidya.com>
Subject Re: imagemap hacks
Date Fri, 09 Aug 1996 22:25:27 GMT
> 
> I just noticed somebody at [204.165.216.2] (Fitchburg State College)
> sending GET requests with some binary garbage in the PATH_INFO...does
> anybody know offhand of any well-known vulnerabilities in
> Apache-1.0.5?  Here are the access log lines, with hexdumps of the
> garbage.
> 
> 204.165.216.2 - - [09/Aug/1996:06:16:43 -0700] "GET / HTTP/1.0" 200 4678
> 204.165.216.2 - - [09/Aug/1996:06:17:04 -0700] "GET /images/menubar.map/Mgs6Ow HTTP/1.0"
302 -
> 204.165.216.2 - - [09/Aug/1996:06:17:04 -0700] "GET /images/menubar.map/[garbage] HTTP/1.0"
302 -
> 

I don't know about any vulnerabilities, but one uses of uris like the ones
above which you might be interested in knowing about (and which I use myself
occasionaly) is to pass query string or path info to be appended onto the
new uri comming out of mod_imap.  Browsers as a rule do not treat something
like <A HREF="/image.map?foo"><IMG .. ISMAP></A> consistently at all.  Some
retain the query information and many just drop it.  The only reliable way
to pass additional information is to add path information to the end of the
uri.

The requires some magic on the server end to be of any use and it is unlikely
that even if you did have that functionaltiy that anyone else would know to
use it.  Did you happen to catch the agent id or the referer?

-adam


Mime
View raw message