Message-ID: <4096B6CE.4030500@well.com>
From: vimages at well.com (Jim Race)
Subject: Interesting chunk in the middle of search overflow attempt

Bounced off the Apache server with no troubles (414) but this was 
somewhat new...

AKA: Analyze "this":

x90\x90\x90\x90\x90\x90=\"SERVER_ADMIN\" -->\">\xc0\xa5 
\xb0\xfc\xb8\xae\xc0\xda</a>\xbf\x
a1\xb0\xd4 \xbf\xac\xb6\xf4\xc7\xcf\xbd\xc3\xb1\xe2 
\xb9\xd9\xb6\xf8\xb4\xcf\xb4\xd9.\r\n-
---------ko--\r\n\r\nContent-language: nl\r\nContent-type: text/html; 
charset=ISO-8859-1\r
\nBody:----------nl--\r\nIndien u van oordeel bent dat deze server in 
fout is, gelieve\r\n
de <a href=\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" 
-->\">webmaster</a> te
  contacteren.\r\n----------nl--\r\n\r\nContent-language: 
pl\r\nContent-type: text/html; ch
arset=ISO-8859-2\r\nBody:----------pl--\r\nJe\xb6li my\xb6lisz, \xbfe 
jest to b\xb3\xb1d t
ego serwera, skontaktuj si\xea z\r\n<a href=\"mailto:<!--#echo 
encoding=\"url\" var=\"SERV
ER_ADMIN\" 
-->\">administratorem</a>.\r\n----------pl--\r\n\r\nContent-language: 
pt-br\r\n
Content-type: text/html; charset=ISO-8859-1\r\nBody:-------pt-br--\r\nSe 
voc&ecirc; acredi
ta ter encontrado um problema no servidor,\r\npor favor entre em contato 
com o \r\n<a href
=\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" 
-->\">webmaster</a>.\r\n-------p
t-br--\r\n\r\nContent-language: ro\r\nContent-type: text/html; 
charset=ISO-8859-1\r\nBody:
----------ro--\r\nVa rugam sa il contactati pe\r\n<a 
href=\"mailto:<!--#echo encoding=\"ur
l\" var=\"SERVER_ADMIN\" -->\">webmaster</a>\r\nin cazul in care credeti 
ca aceasta este o
  eroare a serverului.\r\n----------ro--\r\n\r\nContent-language: 
sv\r\nContent-type: text/
html; charset=ISO-8859-1\r\nBody:----------sv--\r\nOm du tror att detta 
beror p&aring; ett
  serverfel, v&auml;nligen kontakta \r\n<a href=\"mailto:<!--#echo 
encoding=\"url\" var=\"S
ERVER_ADMIN\" 
-->\">webbansvarig</a>.\r\n----------sv--\r\n\r\nContent-language: tr\r\nCon
tent-type: text/html; charset=ISO-8859-9\r\nBody:----------tr--\r\nBunun 
bir sunucu hatas&
#305; oldu&#287;unu d\xfc&#351;\xfcn\xfcyorsan&#305;z, l\xfctfen\r\n<a 
href=\"mailto:<!--#
echo encoding=\"url\" var=\"SERVER_ADMIN\" 
-->\">site\r\ny\xf6neticisi</a> ile ileti&#351;
ime 
ge\xe7in.\r\n----------tr--\r\nx02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\
xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\

-jim

