Date: Thu Mar 16 01:14:01 2006
From: abryson at bytefocus.com (Alice Bryson)
Subject: strange domain name in phishing email

hi there:
When I use the IE 6 web browser, Apache 1.3 accepts this kind of request
but Apache 2.0 doesn't.
When I use the IE 7 web browser, Apache 2.0 also accepts this kind of request.


2006/3/15, gboyce <gboyce@...belly.com>:
> On Tue, 14 Mar 2006, Chris Umphress wrote:
>
> > On 3/14/06, gboyce <gboyce@...belly.com> wrote:
> >> I tried this trick against my personal Apache 2 webserver, and got a 400
> >> bad request as well.  The apache log is showing "Client sent malformed
> >> Host header".
> >>
> >> It looks like Apache is getting the decimal host header, and doesn't
> >> understand what to do with it.  Oddly, the host mentioned in the initial
> >> e-mail is also Apache, but it's Apache 1.3.
> >>
> >> Is your Apache on windows server 1.x or 2.x?
> >
> >
> > I'll jump in and say that mine works this way (If you want to
> > verify, it is http://1136002182/).
> >
> > I am using Apache 1.3 and have several virtual hosts set up. Since
> > Apache returns the first virtual host if it doesn't match the names of
> > any of the other virtual hosts, that could be the determining factor
> > for why some work and others don't.
>
> I have virtual hosts set up as well, and this behavior doesn't work for me.
>
> I tested a few different servers, and what I've found is that Apache 1.3
> accepts hosts defined in this manner.  Apache 2.0 fails with a 400 error.
>
> Greg
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


--
Homepage: http://www.lwang.org
We collect spam for research at:
mailto:abryson@...efocus.com
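The URL the thread tests, http://1136002182/, writes the IPv4 address as a single 32-bit decimal number, one of the legacy inet_aton() spellings (dotless decimal, hex, octal, fewer than four components) that phishing mail uses to hide where a link points. The Python below is an added example for triaging such links, not code posted by anyone in the thread: normalize_numeric_host() folds every inet_aton() spelling back to a canonical dotted quad, and is_strict_host() is a simplified Host-header check modelled on the 400 "malformed Host header" that gboyce reports; that check is an assumption about the observed behaviour, not Apache's actual code. The sample URLs in the main block are constructed; only the first is the one quoted above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Component grammar of the legacy inet_aton() parser: "0x" means hex, a leading
# "0" means octal, otherwise decimal. A leading zero followed by 8 or 9 is invalid.
_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCT = re.compile(r"0[0-7]+")
_DEC = re.compile(r"0|[1-9][0-9]*")


def _component(tok):
    """Parse one numeric component; raise ValueError if it is not numeric."""
    if _HEX.fullmatch(tok):
        return int(tok, 16)
    if _OCT.fullmatch(tok):
        return int(tok, 8)
    if _DEC.fullmatch(tok):
        return int(tok, 10)
    raise ValueError(f"not a numeric component: {tok!r}")


# Bit widths inet_aton() assigns when fewer than four components are given:
# "a" is the whole 32 bits, "a.b" puts b in the low 24 bits, "a.b.c" puts c in the low 16.
_WIDTHS = {1: (32,), 2: (8, 24), 3: (8, 8, 16), 4: (8, 8, 8, 8)}


def normalize_numeric_host(host):
    """Return the canonical dotted quad for a host written in any inet_aton()
    spelling, or None if the host is not a numeric IPv4 address."""
    parts = host.split(".")
    if len(parts) not in _WIDTHS or "" in parts:
        return None
    try:
        values = [_component(p) for p in parts]
    except ValueError:
        return None
    addr = 0
    for value, width in zip(values, _WIDTHS[len(parts)]):
        if value >= 1 << width:
            return None  # component does not fit its field
        addr = (addr << width) | value
    return str(ipaddress.IPv4Address(addr))


_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_strict_host(host):
    """Simplified strict Host check (an assumption modelled on the 400 response the
    thread reports, not Apache's code): a host made only of digits and dots must be
    a canonical dotted quad; anything else must be a DNS name whose labels are
    alphanumeric with internal hyphens."""
    if re.fullmatch(r"[0-9.]+", host):
        try:
            return str(ipaddress.IPv4Address(host)) == host
        except ipaddress.AddressValueError:
            return False
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def classify_url(url):
    """Describe how a link's host is read by a lenient inet_aton()-style client
    versus the strict Host check above."""
    host = urlsplit(url).hostname or ""
    canonical = normalize_numeric_host(host)
    return {
        "host": host,
        "canonical_ip": canonical,
        "obfuscated": canonical is not None and canonical != host,
        "strict_host_accepts": is_strict_host(host),
    }


if __name__ == "__main__":
    # Constructed sample links; all numeric ones decode to the same address.
    for u in ("http://1136002182/", "http://0x43B60486/", "http://0103.0266.4.0206/",
              "http://67.11928710/", "http://67.182.4.134/", "http://www.example.com/"):
        print(classify_url(u))
```

A link flagged as obfuscated but rejected by the strict check is exactly the case the thread describes: a browser that resolves inet_aton() spellings will reach the server, while a server that insists on a well-formed Host value refuses the request, so the reply a user sees depends on the server's strictness rather than on the link itself.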
