Bugtraq mailing list archives
Re: Hidden requests to Apache
From: Bob Niederman <btrq () bob-n com>
Date: Thu, 25 Oct 2001 12:09:38 -0500 (CDT)
On Thu, 25 Oct 2001, Rasmus Bøg Hansen wrote:

> I cannot reproduce this on RedHat Linux 7.0, apache 1.3.19. GET / HTTP/1.0 \r\r\n gives this log entry:
>
> 194.182.238.30 - - [25/Oct/2001:07:54:01 +0200] "GET / HTTP/1.0 \r\r\n" 200 510 "-" "-"

I suspect you did what I did at first - copy and paste the literal text from smiler's email into a browser or telnet session. But that's not right - even though it's what he said, it's not what he meant ;) - what you need is to send "GET / HTTP/1.0 " followed by hex 13,,whatever - which his perl script does, though my system complains of a mis-formed header when the script is run:

<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Request header field is missing colon separator.<P>
<PRE>
+0000] "GET /</PRE>
<P>
<HR>
<ADDRESS>Apache/1.3.14 Server at bob-n.com Port 80</ADDRESS>
</BODY></HTML>
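
An added example, not part of the original post or of smiler's script: a check over Apache access-log data that tells apart the two cases discussed above, the literal backslash text from a copy-paste and a raw carriage-return byte in the request field. The sample lines, the 192.0.2.10 address and the function names are constructed for illustration; whether a given Apache version writes a raw CR to its log is an assumption, not something the thread establishes.

```python
import re

# Common/combined log format prefix: host ident user [time] "request" status size
CLF = re.compile(rb'^(\S+) \S+ \S+ \[([^\]]*)\] "(.*)" (\d{3}) (\S+)', re.DOTALL)
# A well-formed request field is METHOD SP URI SP HTTP/x.y and nothing else.
REQUEST = re.compile(rb'[A-Z]+ \S+ HTTP/\d\.\d')

def check_request(req: bytes) -> list:
    """Return the reasons a logged request field looks suspicious."""
    findings = []
    if any(b < 0x20 or b == 0x7F for b in req):
        findings.append("raw control byte")          # e.g. CR, byte 0x0D
    if re.search(rb'\\[rn]', req):
        findings.append("literal backslash escape")  # typed text, not a CR
    if not REQUEST.fullmatch(req):
        findings.append("not METHOD URI HTTP/x.y")
    return findings

def scan(log: bytes) -> list:
    """Scan raw log bytes; return (line_number, findings) for flagged lines."""
    results = []
    # Split on LF only. bytes.splitlines() also breaks on CR, which would
    # cut a record in two at exactly the byte this check is looking for.
    for n, line in enumerate(log.split(b"\n"), 1):
        if not line:
            continue
        m = CLF.match(line)
        if not m:
            results.append((n, ["unparseable line"]))
            continue
        findings = check_request(m.group(3))
        if findings:
            results.append((n, findings))
    return results

# Constructed sample log: a clean request, the pasted literal text, a raw CR.
SAMPLE = b"\n".join([
    b'192.0.2.10 - - [25/Oct/2001:07:54:01 +0200] "GET / HTTP/1.0" 200 510 "-" "-"',
    b'192.0.2.10 - - [25/Oct/2001:07:54:02 +0200] "GET / HTTP/1.0 \\r\\r\\n" 200 510 "-" "-"',
    b'192.0.2.10 - - [25/Oct/2001:07:54:03 +0200] "GET / HTTP/1.0 \r\r" 200 510 "-" "-"',
]) + b"\n"

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE):
        print(lineno, ", ".join(findings))
```

Read the log in binary mode (`open(path, "rb")`) before passing it to `scan`, so that text-mode newline translation does not rewrite the CR bytes first.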
Current thread:
- Hidden requests to Apache smiler (Oct 24)
- Re: Hidden requests to Apache Rasmus Bøg Hansen (Oct 25)
- Re: Hidden requests to Apache Bob Niederman (Oct 25)
- Re: Hidden requests to Apache Lorenzo Pulici (Oct 25)
- Re: Hidden requests to Apache Jurjen Oskam (Oct 25)
- Re: Hidden requests to Apache Rasmus Bøg Hansen (Oct 25)