lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 26 Apr 2003 15:53:34 -0700
From: "Justin [GHA]" <fanderatm@...mail.com>
To: "Kim De Smaele" <kim.de.smaele@...dora.be>,
	<bugtraq@...urityfocus.com>
Cc: <debian-security@...ts.debian.org>
Subject: Re: Apache http server 2.0


I tried the following query and didn't experience anything odd.
http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22%2C.%2F%5C%5B%5D%2
F-%21%60%7E@...%24%25%5E%3D%2B%28%29-%7B%7D%3C%3E%3B%3A%7C%27%22

The hex here is the string ,./\[]-!`~@...^=+()-{}<>;:| '"
Any combination of these characters will result in only the header of the
google search,a dn the copyright to be displayed.

I also tried queries such as "&#0;&#1;&#2;&#3;&#4;"  This returned the same
results.  Although, a query of "&#48;" returned appropriate results, "&#47;"
returned nothing again.  It is speculated that all characters with an ASCII
value of 0-47, excluding 42, will return nothing.

Further research is need, however, this may only be a bug, rather than
something that is exploitable.

http://search.yahoo.com/bin/search?p=%2C.%2F%5C%5B%5D-%21%60%7E@%23%24%25%5E
%3D%2B%28%29-%7B%7D%3C%3E%3B%3A%7C+%27%22&ei=UTF-8 also did not display
anything odd

-Justin
GHA - http://gha.bravepages.com



----- Original Message -----
From: "Kim De Smaele" <kim.de.smaele@...dora.be>
To: <bugtraq@...urityfocus.com>
Cc: <debian-security@...ts.debian.org>
Sent: Friday, April 25, 2003 5:20 PM
Subject: Apache http server 2.0


> Hi all,
>
> I experienced a very strange apache responce today in our production
> environment at work. A user in a discussion room a posting containing
> the following characters:
>
> ,,''
>
> This gave the result that several pages could not longer be displayed.
> I also tried this on search engine http://www.google.com which gave the
> same result. Nothing of results and not even the message "no results
> found..." could be display. If you even keep on refreshing you will
> notice that also the google logo will disappear.
> On our servers, we didn't notice anything in the logs.
>
> I have done a test with several browsers and I had every time the same
> result as described above:
>
> Internet Explorer
> Netscape (windows)
> Mozilla (Linux)
> Opera (Linux)
>
> Personally I'm not sure but I'm getting the idea that this might me
> exploitable. For example, executing code/commands after using the
> characters as mentioned above followed by the code or the commands in a
> search engine, discussion rooms,...
>
> Kind regards,
>
> Kim De Smaele
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@...ts.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@...ts.debian.org
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ