[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Exploiting apache

To: International-Asso@xxxxxx
Subject: Re: [Full-Disclosure] Exploiting apache
From: Ron <iago@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Feb 2005 09:05:08 -0600

That's an exploit for some IIS vulnerability. A google search will turn it up immediately.

International-Asso@xxxxxx wrote:

Hello everyone,
Last time I have checked my apache log files, I made a
funny discovery.
There was the following logfile entry:

############################################### 84.XX.XX.159 - - [31/Jan/2005:22:46:38 +0000] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\[...] ###############################################

Having a closer lock at the structure of this entry...
###############################################################
"SEARCH \x90[\x02\xb1 (reapeated 1075 times)][\x90 (repeated 10332 times)]"
###############################################################
So, is this a part of an expoit or is it just a funny malformed query?

If it is an exploit, is there a straigt forward method for reengineering this expoit?
Thanks in advance,
markus
______________________________________________________________
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Exploiting apache
  - From: International-Asso

Prev by Date: Re: [Full-Disclosure] Please help me update my address book on Ringo
Next by Date: [Full-Disclosure] Google as Application FireWall
Previous by thread: [Full-Disclosure] Exploiting apache
Next by thread: Re: [Full-Disclosure] Exploiting apache
Index(es):
- Date
- Thread