Message-ID: <b7bc1b1f040907122230ff3f85@mail.gmail.com>
From: uberguidoz at gmail.com (Über GuidoZ)
Subject: Question about funny HTTP request

Well, from a quick glance I can tell you that %20 is ascii for "space
( )" and %06 is ascii for "forward slash (/)". I also see %17, which
is ascii for ETB (End of Transmission block), however I'm not sure if
that's what was supposed to be there. So, replacing the first two
leaves you with this:

"GET /path/to/%17some_picture.jpg                                     
  0001184A/System                         B3B8A908: HTTP/1.1"

If you interpret the %17 to be ETB, then imagine it trying to send
another request or maybe a "new line" if you will. See if that helps
you determine what it might be after.

~G

On Tue, 7 Sep 2004 14:56:53 +0200, Ames Andreas (MPA/DF)
<andreas.ames@...ovis.com> wrote:
> Hello all,
> 
> I just wanted to check, if somebody can tell me something (possibly
> security related ;-) about some funny request signatures, as I have
> found them in my webserver logs.  They look similar to:
> 
> "GET /path/to/%17some_picture.jpg%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%200001184A%06System%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20B3B8A908: HTTP/1.1"
> 
> TIA,
> 
> andreas
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
-- 
Peace. ~G
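When a line like the one quoted above turns up in an access log, the useful first step is to recover the literal bytes behind the percent-escapes and name any control characters in them. The following decoder is an added example written for this archive page (not code from either poster); the sample request line is constructed from the quoted entry, with the runs of %20 padding approximated at 40 and 25.

```python
from urllib.parse import unquote_to_bytes

# ASCII names for the control bytes 0x00-0x1F (DEL is handled separately).
CONTROL_NAMES = (
    "NUL SOH STX ETX EOT ENQ ACK BEL BS HT LF VT FF CR SO SI "
    "DLE DC1 DC2 DC3 DC4 NAK SYN ETB CAN EM SUB ESC FS GS RS US"
).split()

# Constructed sample: the request line from the quoted log entry, with
# the %20 padding runs approximated (40 and 25 escapes respectively).
SAMPLE_REQUEST = (
    "GET /path/to/%17some_picture.jpg" + "%20" * 40
    + "0001184A%06System" + "%20" * 25 + "B3B8A908: HTTP/1.1"
)


def decode_request_target(request_line: str) -> bytes:
    """Return the raw bytes of the request target after percent-decoding.

    The target is everything between the method and the trailing
    HTTP-version token, rejoined in case decoding already split it.
    """
    parts = request_line.split(" ")
    target = " ".join(parts[1:-1])
    return unquote_to_bytes(target)


def control_chars(data: bytes) -> list:
    """List (offset, byte value, ASCII name) for every control byte in data."""
    found = []
    for offset, value in enumerate(data):
        if value < 0x20:
            found.append((offset, value, CONTROL_NAMES[value]))
        elif value == 0x7F:
            found.append((offset, value, "DEL"))
    return found


def is_suspicious(request_line: str) -> bool:
    """Flag a request whose decoded target carries control bytes or long
    space padding; neither appears in a path a browser would request."""
    data = decode_request_target(request_line)
    return bool(control_chars(data)) or b"        " in data


if __name__ == "__main__":
    raw = decode_request_target(SAMPLE_REQUEST)
    print(raw)
    for offset, value, name in control_chars(raw):
        print(f"offset {offset}: 0x{value:02x} {name}")
    print("suspicious:", is_suspicious(SAMPLE_REQUEST))
```

Running it prints the decoded bytes and names each control byte by its ASCII mnemonic, which is what you want before deciding how to treat the source of such requests.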

