Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.64.0603151027210.32040@localhost.localdomain>
Date: Wed Mar 15 15:33:18 2006
From: gboyce at badbelly.com (gboyce)
Subject: strange domain name in phishing email

On Tue, 14 Mar 2006, Chris Umphress wrote:

> On 3/14/06, gboyce <gboyce@...belly.com> wrote:
>> I tried this trick against my personal Apache 2 webserver, and got a 400
>> bad request as well.  The apache log is showing "Client sent malformed
>> Host header".
>>
>> It looks like Apache is getting the decimal host header, and doesn't
>> understand what to do with it.  Oddly, the host mentioned in the initial
>> e-mail is also Apache, but it's Apache 1.3.
>>
>> Is your Apache on windows server 1.x or 2.x?
>
>
> I'll jump in and say that mine works this way (If you want to
> verify, it is http://1136002182/).
>
> I am using Apache 1.3 and have several virtual hosts set up. Since
> Apache returns the first virtual host if it doesn't match the names of
> any of the other virtual hosts. That could be the determining factor
> for why some work and others don't.

I have virtual hosts set up as well, and this behavior doesn't work for me.

I tested a few different servers, and what I've found is that Apache 1.3 
accepts hosts defined in this manner.  Apache 2.0 fails with a 400 error.

Greg
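
Added example, not part of the original message: a mail-filter style check that spots URLs whose host is an IPv4 address written as a single decimal number (as in the thread) and rewrites it to dotted-decimal for logging or blocklist lookup. It goes beyond the decimal case and also handles the hex, octal and short forms that inet_aton() accepts; the function names and the sample message are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# One host component as inet_aton() reads it: 0x-hex, leading-0 octal, or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")
_URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def to_dotted_quad(host):
    """Return the dotted-decimal IPv4 address a numeric host denotes, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p[:2].lower() == "0x" else
            int(p, 8) if p.startswith("0") else int(p) for p in parts]
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def find_obfuscated_hosts(text):
    """List (url, dotted_quad) for URLs whose host is an IPv4 address in disguise."""
    hits = []
    for url in _URL.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        dotted = to_dotted_quad(host)
        if dotted and dotted != host:  # plain dotted-decimal is not flagged
            hits.append((url, dotted))
    return hits

# Constructed sample message body; addresses are in the 192.0.2.0/24 documentation range.
SAMPLE_MAIL = """\
Please confirm your account at http://3221225985/login today.
Mirror: http://0xC0.0.2.1/ and docs at http://192.0.2.1/help
Our site: https://www.example.com/
"""

if __name__ == "__main__":
    for url, dotted in find_obfuscated_hosts(SAMPLE_MAIL):
        print(f"{url} -> {dotted}")
```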
