Full Disclosure mailing list archives

Re: Question about funny HTTP request


From: Über GuidoZ <uberguidoz () gmail com>
Date: Tue, 7 Sep 2004 15:22:29 -0400

Well, from a quick glance I can tell you that %20 is ASCII for "space
( )" and %06 is ASCII for a forward slash (/). I also see %17, which
is ASCII for ETB (End of Transmission Block), however I'm not sure if
that's what was supposed to be there. So, replacing the first two
leaves you with this:

"GET /path/to/%17some_picture.jpg                                     
  0001184A/System                         B3B8A908: HTTP/1.1"

If you interpret the %17 to be ETB, then imagine it trying to send
another request or maybe a "new line" if you will. See if that helps
you determine what it might be after.

~G

On Tue, 7 Sep 2004 14:56:53 +0200, Ames Andreas (MPA/DF)
<andreas.ames () tenovis com> wrote:
Hello all,

I just wanted to check if somebody can tell me something (possibly
security related ;-) about some funny request signatures I have
found in my webserver logs. They look similar to:

"GET 
/path/to/%17some_picture.jpg%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%200001184A%06System%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20B3B8A908:
 HTTP/1.1"

TIA,

andreas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




-- 
Peace. ~G
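An added example, not part of the thread: a small Python decoder for a request line like the one quoted above. It percent-decodes the request-target to bytes (so odd %XX values cannot raise UTF-8 errors), names every control byte by its ASCII table entry, and collapses runs of spaces to a length token, which is the normalisation worth doing before deciding whether such a log entry is noise or a probe. The sample request line is constructed from the one in the thread.

```python
from urllib.parse import unquote_to_bytes

# ASCII control-character names for 0x00-0x1F; 0x7F is DEL.
CONTROL_NAMES = [
    "NUL", "SOH", "STX", "ETX", "EOT", "ENQ", "ACK", "BEL",
    "BS", "HT", "LF", "VT", "FF", "CR", "SO", "SI",
    "DLE", "DC1", "DC2", "DC3", "DC4", "NAK", "SYN", "ETB",
    "CAN", "EM", "SUB", "ESC", "FS", "GS", "RS", "US",
]

# Constructed sample request line, modelled on the one quoted in the thread.
SAMPLE_REQUEST = ("GET /path/to/%17some_picture.jpg" + "%20" * 40
                  + "0001184A%06System" + "%20" * 25 + "B3B8A908: HTTP/1.1")


def control_name(b):
    """Name of an ASCII control byte, or None if the byte is printable."""
    return CONTROL_NAMES[b] if b < 0x20 else ("DEL" if b == 0x7F else None)


def decode_target(request_line):
    """Percent-decode the target of 'METHOD target HTTP/x.y' to bytes.
    Decoding to bytes rather than str avoids UTF-8 errors on odd %XX values."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    return unquote_to_bytes(parts[1])


def control_bytes(request_line):
    """(offset, name) for every control byte in the decoded target."""
    raw = decode_target(request_line)
    return [(i, control_name(b)) for i, b in enumerate(raw) if control_name(b)]


def annotate(request_line):
    """Render the decoded target with control bytes as <NAME> and runs of
    two or more spaces as <SPxN>, so padding and control bytes stand out."""
    raw, out, i = decode_target(request_line), [], 0
    while i < len(raw):
        if raw[i] == 0x20:  # collapse a run of spaces into one token
            j = i
            while j < len(raw) and raw[j] == 0x20:
                j += 1
            out.append(" " if j - i == 1 else "<SPx%d>" % (j - i))
            i = j
            continue
        name = control_name(raw[i])
        out.append("<%s>" % name if name else chr(raw[i]))
        i += 1
    return "".join(out)
```

Running `annotate(SAMPLE_REQUEST)` on the constructed line gives `/path/to/<ETB>some_picture.jpg<SPx40>0001184A<ACK>System<SPx25>B3B8A908:`, which is the form worth grepping for across the rest of the logs.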
