[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Question about funny HTTP request
- To: "Ames Andreas (MPA/DF)" <andreas.ames@xxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Question about funny HTTP request
- From: Über GuidoZ <uberguidoz@xxxxxxxxx>
- Date: Tue, 7 Sep 2004 15:22:29 -0400
Well, from a quick glance I can tell you that %20 is ascii for "space
( )" and %06 is ascii for a forward slash (/)". I also see %17, which
is ascii for ETB (End of Transmission block), however I'm not sure if
that's what was supposed to be there. So, replacing the first two
leaves you with this:
"GET /path/to/%17some_picture.jpg
0001184A/System B3B8A908: HTTP/1.1"
If you interpret the %17 to be ETB, then imagine it trying to send
another request or maybe a "new line" if you will. See if that helps
you determine what it might be after.
~G
On Tue, 7 Sep 2004 14:56:53 +0200, Ames Andreas (MPA/DF)
<andreas.ames@xxxxxxxxxxx> wrote:
> Hello all,
>
> I just wanted to check, if somebody can tell me something (possibly
> security related ;-) about some funny request signatures, as I have
> found them in my webserver logs. They look similar to:
>
> "GET
> /path/to/%17some_picture.jpg%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%200001184A%06System%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20B3B8A908:
> HTTP/1.1"
>
> TIA,
>
> andreas
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Peace. ~G
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html