Vulnerability Development mailing list archives
Re: WebLogic 5.1.0 SP < SP6
From: Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ>
Date: Sat, 17 Mar 2001 19:45:21 +0100
On Wed, 14 Mar 2001, Matt W. wrote:
> perl -e 'print "GET" . "/.." . "A" x 10 . "HTTP/1.0" . "\n\n"' | nc <server> <port>
> ...
> The other interesting thing is if you put a space between the GET and the /.. it still does the above, but if you put a space between the A's and the HTTP/1.0 there is no error.

Perhaps it returns an error because you send malformed requests to it? A correct HTTP request consists of three space-separated words: method, URI, and HTTP version. (And the lines should be terminated with CRLF even if most servers do not care.)

Well, "500 Internal Server Error" is a weird reaction to malformed requests but confusing error messages are so ubiquitous nowadays...

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
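
Added example, not part of the original thread: a strict request-line check in Python applied to the request shapes discussed above, showing how a parser can answer each malformed variant with 400 Bad Request instead of failing with a 500. The function name `check_request_line` and the sample inputs are constructed for illustration.

```python
import re

# Constructed samples: the request shapes discussed in the thread, plus a
# well-formed request for comparison. "\n\n" mirrors the perl one-liner.
SAMPLES = {
    "no_spaces":        b"GET/.." + b"A" * 10 + b"HTTP/1.0\n\n",
    "space_after_get":  b"GET /.." + b"A" * 10 + b"HTTP/1.0\n\n",
    "space_before_ver": b"GET/.." + b"A" * 10 + b" HTTP/1.0\n\n",
    "well_formed":      b"GET /index.html HTTP/1.0\r\n\r\n",
}

METHOD_RE = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")  # HTTP token characters
VERSION_RE = re.compile(rb"HTTP/[0-9]\.[0-9]")


def check_request_line(raw: bytes):
    """Return (status, reason, used_crlf) for the first line of a raw request."""
    line, sep, _ = raw.partition(b"\n")
    if not sep:
        return 400, "no line terminator", False
    used_crlf = line.endswith(b"\r")      # bare LF is tolerated but reported
    parts = line.rstrip(b"\r").split(b" ")
    if len(parts) != 3:
        # One or two words: the version, the URI, or both cannot be identified.
        return 400, f"expected 3 space-separated words, got {len(parts)}", used_crlf
    method, uri, version = parts
    if not METHOD_RE.fullmatch(method):
        return 400, "method is not a valid token", used_crlf
    if not uri:
        return 400, "empty request URI", used_crlf
    if not VERSION_RE.fullmatch(version):
        return 400, "bad HTTP version", used_crlf
    return 200, "request line is well-formed", used_crlf


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:17} {raw!r:45} -> {check_request_line(raw)}")
```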