Re: strange domain name in phishing email

["Alice Bryson" <abryson () bytefocus com>]

hi there:
When I use IE 6 web browser, Apache 1.3 accept this kind of request
but Apache 2.0 doesn't.
When I use IE 7 web browser, Apache 2.0 also accept this kind of request.


2006/3/15, gboyce <gboyce () badbelly com>:
> On Tue, 14 Mar 2006, Chris Umphress wrote:
>
> > On 3/14/06, gboyce <gboyce () badbelly com> wrote:
> > > I tried this trick against my personal Apache 2 webserver, and got a 400
> > > bad request as well.  The apache log is showing "Client sent malformed
> > > Host header".
> > >
> > > It looks like Apache is getting the decimal host header, and doesn't
> > > understand what to do with it.  Oddly, the host mentioned in the initial
> > > e-mail is also Apache, but it's Apache 1.3.
> > >
> > > Is your Apache on windows server 1.x or 2.x?
> >
> >
> > I'll jump in and say that mine works works this way (If you want to
> > verify, it is http://1136002182/).
> >
> > I am using Apache 1.3 and have several virtual hosts set up. Since
> > Apache returns the first virtual host if it doesn't match the names of
> > any of the other virtual hosts. That could be the determining factor
> > for why some work and others don't.
>
> I have virtual hosts setup as well, and this behavior doesn't work for me.
>
> I tested a few different servers, and what I've found is that Apache 1.3
> accepts hosts defined in this manner.  Apache 2.0 fails with a 400 error.
>
> Greg
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/