[22994] in bugtraq
Re: Hidden requests to Apache
daemon@ATHENA.MIT.EDU (Jurjen Oskam)
Thu Oct 25 11:41:41 2001
Date: Thu, 25 Oct 2001 09:28:56 +0200
From: Jurjen Oskam <jurjen@quadpro.stupendous.org>
To: bugtraq@securityfocus.com
Message-ID: <20011025092856.A7622@quadpro.stupendous.org>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <LEEPKOFKPCPHJMIIKFGJEENLCBAA.smiler@vxd.org>; from smiler@vxd.org on Wed, Oct 24, 2001 at 09:09:59PM +0100
On Wed, Oct 24, 2001 at 09:09:59PM +0100, smiler wrote:
> Don't know if this has been brought up before.
> It's possible to "cheat" an Apache SysAdministrator and make him think that
> his server didn't log a HTTP request or make him think that a request has
> been made by another IP address.
The insertion of control characters that get recorded in the log file is
documented, and not at all buried deep in the documentation:
http://httpd.apache.org/docs/logs.html
"In addition, log files may contain information supplied directly by the
client, without escaping. Therefore, it is possible for malicious clients
to insert control-characters in the log files, so care must be taken in
dealing with raw logs."
--
Jurjen Oskam * http://www.stupendous.org/ for PGP key * Q265230
9:19am up 22:42, 1 user, load average: 0.00, 0.00, 0.00
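Added example (not part of the original message and not Apache code): a small Python script that constructs two Combined Log Format entries, the second carrying a carriage return (0x0D) inside the client-supplied User-Agent field, and compares what a plain terminal displays for that line (the forged address and a forged status), what a caret-escaped view in the style of `cat -v` shows, and what a parser working on the raw bytes recovers. The IP addresses, timestamps, requests and the log text itself are constructed for the example; the terminal model only handles CR and backspace, and the assumption that the field is written unescaped is taken from the documentation quoted above.

```python
import re
from typing import List, Tuple

# Constructed sample in Apache Combined Log Format (example data, not a real
# log). The second entry models what a server that writes client-supplied
# fields unescaped records when the User-Agent header carries a carriage
# return followed by a forged entry with a different client address.
REAL_IP = "192.0.2.10"
FORGED_IP = "203.0.113.7"
FORGED_ENTRY = (
    f'{FORGED_IP} - - [24/Oct/2001:21:09:59 +0100] '
    '"GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0 (compatible)"'
)
RAW_LOG = (
    f'{REAL_IP} - - [24/Oct/2001:21:09:58 +0100] '
    '"GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"\n'
    f'{REAL_IP} - - [24/Oct/2001:21:09:59 +0100] '
    f'"GET /admin/ HTTP/1.0" 404 210 "-" "x\r{FORGED_ENTRY}"\n'
)

# Combined Log Format; the agent field is matched greedily because an
# attacker can put quotes inside it.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>.*)")?$'
)


def terminal_render(line: str) -> str:
    """Model what a plain terminal shows for one log line ("tail -f" style).

    Only CR (return to column 0, then overwrite) and BS (move left one
    column) are modelled; other control characters are left in place.
    """
    screen: List[str] = []
    col = 0
    for ch in line:
        if ch == "\r":
            col = 0
        elif ch == "\b":
            col = max(0, col - 1)
        else:
            if col < len(screen):
                screen[col] = ch
            else:
                screen.append(ch)
            col += 1
    return "".join(screen)


def escape_controls(line: str) -> str:
    """Render C0 controls and DEL in caret notation as `cat -v` does
    (0x0D -> ^M, 0x08 -> ^H, 0x1B -> ^[, 0x7F -> ^?), so nothing in the
    line can move the cursor or be interpreted by the terminal."""
    out = []
    for ch in line:
        code = ord(ch)
        if code < 0x20 or code == 0x7F:
            out.append("^" + chr(code ^ 0x40))
        else:
            out.append(ch)
    return "".join(out)


def has_control_chars(line: str) -> bool:
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in line)


def flag_suspicious(raw_log: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, escaped line) for every entry carrying
    control characters. Split on LF only: str.splitlines() would also split
    on the very CR we want to catch."""
    return [
        (n, escape_controls(line))
        for n, line in enumerate(raw_log.split("\n"), start=1)
        if line and has_control_chars(line)
    ]


def parse_clf(line: str) -> dict:
    """Parse one raw (unrendered) line. Fields are taken from the start of
    the line, so the real client address survives even when a CR later in
    the line would overwrite it on screen."""
    m = CLF_RE.match(line)
    if not m:
        raise ValueError("not a CLF line: " + escape_controls(line))
    return m.groupdict()


if __name__ == "__main__":
    for raw in RAW_LOG.strip("\n").split("\n"):
        print("terminal shows:", terminal_render(raw))
        print("escaped view  :", escape_controls(raw))
        fields = parse_clf(raw)
        print("parsed        :", fields["ip"], fields["request"], fields["status"])
        print()
```

For the injected entry the terminal shows the forged address with a 200 for /index.html, while both the escaped view and the parser give the real address and the 404 for /admin/. Escaping control characters before a human reads the file, or parsing raw lines from their first field instead of reading them off a terminal, is the care the quoted documentation asks for.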