Message-ID: <409794C6.3030300@outpost24.com>
From: dj at outpost24.com (David Jacoby)
Subject: Interesting chunk in the middle of search overflow attempt

No idea what it is, but it's a lot of messages in different languages. The 
message says

"If you think this is an server problem please contact the administrator"

and then a link to the administrator.

<a href=\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" 
-->\">webmaster</a>

Uhm, how did you get this message?

I've attached a message containing your output a little bit more sorted.

((D))




Jim Race wrote:

> Bounced off the Apache server with no troubles (414) but this was 
> somewhat new...
>
> AKA: Analyze "this":
>
> x90\x90\x90\x90\x90\x90=\"SERVER_ADMIN\" -->\">\xc0\xa5 
> \xb0\xfc\xb8\xae\xc0\xda</a>\xbf\x
> a1\xb0\xd4 \xbf\xac\xb6\xf4\xc7\xcf\xbd\xc3\xb1\xe2 
> \xb9\xd9\xb6\xf8\xb4\xcf\xb4\xd9.\r\n-
> ---------ko--\r\n\r\nContent-language: nl\r\nContent-type: text/html; 
> charset=ISO-8859-1\r
> \nBody:----------nl--\r\nIndien u van oordeel bent dat deze server in 
> fout is, gelieve\r\n
> de <a href=\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" 
webmaster</a> te">
> -->\">webmaster</a> te
>  contacteren.\r\n----------nl--\r\n\r\nContent-language: 
> pl\r\nContent-type: text/html; ch 
> arset=ISO-8859-2\r\nBody:----------pl--\r\nJe\xb6li my\xb6lisz, \xbfe 
> jest to b\xb3\xb1d t
> ego serwera, skontaktuj si\xea z\r\n<a href=\"mailto:<!--#echo 
> encoding=\"url\" var=\"SERV
> ER_ADMIN\" 
> -->\">administratorem</a>.\r\n----------pl--\r\n\r\nContent-language: 
> pt-br\r\n
> Content-type: text/html; 
> charset=ISO-8859-1\r\nBody:-------pt-br--\r\nSe voc&ecirc; acredi
> ta ter encontrado um problema no servidor,\r\npor favor entre em 
> contato com o \r\n<a href
> =\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" 
> -->\">webmaster</a>.\r\n-------p
> t-br--\r\n\r\nContent-language: ro\r\nContent-type: text/html; 
> charset=ISO-8859-1\r\nBody:
> ----------ro--\r\nVa rugam sa il contactati pe\r\n<a 
> href=\"mailto:<!--#echo encoding=\"ur
> l\" var=\"SERVER_ADMIN\" -->\">webmaster</a>\r\nin cazul in care 
> credeti ca aceasta este o
>  eroare a serverului.\r\n----------ro--\r\n\r\nContent-language: 
> sv\r\nContent-type: text/
> html; charset=ISO-8859-1\r\nBody:----------sv--\r\nOm du tror att 
> detta beror p&aring; ett
>  serverfel, v&auml;nligen kontakta \r\n<a href=\"mailto:<!--#echo 
> encoding=\"url\" var=\"S
> ERVER_ADMIN\" 
> -->\">webbansvarig</a>.\r\n----------sv--\r\n\r\nContent-language: 
> tr\r\nCon
> tent-type: text/html; 
> charset=ISO-8859-9\r\nBody:----------tr--\r\nBunun bir sunucu hatas&
> #305; oldu&#287;unu d\xfc&#351;\xfcn\xfcyorsan&#305;z, l\xfctfen\r\n<a 
> href=\"mailto:<!--#
> echo encoding=\"url\" var=\"SERVER_ADMIN\" 
> -->\">site\r\ny\xf6neticisi</a> ile ileti&#351;
> ime 
> ge\xe7in.\r\n----------tr--\r\nx02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\ 
>
> xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\ 
>
>
> -jim
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
Best regards,
David Jacoby
Security Analysist

Outpost24 Security Team
Email : dj@...post24.com

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: analyze.txt
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040504/6fbc5d79/analyze.txt
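
Added example, not part of the original message or its scrubbed attachment: one way to sort a dump like the quoted one, using the `Content-language:` and `Body:----xx--` markers visible in the chunk. The function names are hypothetical and the sample is a constructed, abridged copy of the quoted text with the mail line wrapping removed.

```python
import re

# Constructed sample: abridged from the quoted chunk, mail line wrapping removed.
# The backslash sequences are literal text, exactly as they appear in the dump.
SAMPLE = (
    r'x90\x90\x90\x90=\"SERVER_ADMIN\" -->\">\xc0\xa5</a>\r\n----------ko--\r\n\r\n'
    r'Content-language: nl\r\nContent-type: text/html; charset=ISO-8859-1\r\n'
    r'Body:----------nl--\r\nIndien u van oordeel bent dat deze server in fout '
    r'is, gelieve\r\nde <a href=\"mailto:<!--#echo encoding=\"url\" '
    r'var=\"SERVER_ADMIN\" -->\">webmaster</a> te contacteren.\r\n'
    r'----------nl--\r\n\r\n'
    r'Content-language: pl\r\nContent-type: text/html; charset=ISO-8859-2\r\n'
    r'Body:----------pl--\r\nJe\xb6li my\xb6lisz, \xbfe jest to b\xb3\xb1d tego '
    r'serwera, skontaktuj si\xea z\r\n<a href=\"mailto:<!--#echo encoding=\"url\" '
    r'var=\"SERVER_ADMIN\" -->\">administratorem</a>.\r\n----------pl--\r\n'
    r'x02\\xb1\\x02\\xb1'
)

ESC = re.compile(r'\\(x[0-9a-fA-F]{2}|[rn"\\])')
# A section is: language header, content type with charset, then a body that
# runs until the delimiter given after "Body:" appears again on its own line.
SECTION = re.compile(
    rb'Content-language: (\S+)\r\nContent-type: [^\r\n]*charset=([\w-]+)\r\n'
    rb'Body:(\S+)\r\n(.*?)\r\n\3', re.S)

def unescape(dump):
    # Undo one layer of escaping (hex bytes, CR, LF, quote, backslash) -> bytes.
    def one(m):
        tok = m.group(1)
        if tok[0] == 'x':
            return chr(int(tok[1:], 16))
        return {'r': '\r', 'n': '\n'}.get(tok, tok)
    return ESC.sub(one, dump).encode('latin-1')

def split_sections(dump):
    # Return (language, charset, body decoded with that charset) per section.
    out = []
    for m in SECTION.finditer(unescape(dump)):
        lang, charset = m.group(1).decode('ascii'), m.group(2).decode('ascii')
        out.append((lang, charset, m.group(4).decode(charset, 'replace')))
    return out

def residue(dump):
    # Bytes outside every labelled section: the part that still needs a look.
    raw, pos, rest = unescape(dump), 0, []
    for m in SECTION.finditer(raw):
        rest.append(raw[pos:m.start()])
        pos = m.end()
    rest.append(raw[pos:])
    return [r.strip() for r in rest if r.strip()]
```

`split_sections` gives the readable per-language text with each section decoded in its declared charset, and `residue` returns what is left over once those sections are set aside.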
