Full Disclosure mailing list archives
Re: Question about funny HTTP request
From: Über GuidoZ <uberguidoz () gmail com>
Date: Tue, 7 Sep 2004 15:22:29 -0400
Well, from a quick glance I can tell you that %20 is ascii for "space ( )" and %06 is ascii for a forward slash (/)". I also see %17, which is ascii for ETB (End of Transmission block), however I'm not sure if that's what was supposed to be there. So, replacing the first two leaves you with this: "GET /path/to/%17some_picture.jpg 0001184A/System B3B8A908: HTTP/1.1" If you interpret the %17 to be ETB, then imagine it trying to send another request or maybe a "new line" if you will. See if that helps you determine what it might be after. ~G On Tue, 7 Sep 2004 14:56:53 +0200, Ames Andreas (MPA/DF) <andreas.ames () tenovis com> wrote:
Hello all, I just wanted to check, if somebody can tell me something (possibly security related ;-) about some funny request signatures, as I have found them in my webserver logs. They look similar to: "GET /path/to/%17some_picture.jpg%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%200001184A%06System%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20B3B8A908: HTTP/1.1" TIA, andreas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Peace. ~G _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Question about funny HTTP request Ames Andreas (MPA/DF) (Sep 07)
- Re: Question about funny HTTP request Über GuidoZ (Sep 07)
- <Possible follow-ups>
- Re: Question about funny HTTP request Ames Andreas (MPA/DF) (Sep 09)