[22998] in bugtraq


Re: Hidden requests to Apache

daemon@ATHENA.MIT.EDU (Bob Niederman)
Thu Oct 25 15:10:52 2001

Date: Thu, 25 Oct 2001 12:09:38 -0500 (CDT)
From: Bob Niederman <btrq@bob-n.com>
To: =?iso-8859-1?Q?Rasmus_B=F8g_Hansen?= <moffe@amagerkollegiet.dk>,
        bugtraq@securityfocus.com
Cc: smiler <smiler@vxd.org>
In-Reply-To: <Pine.LNX.4.33.0110250755040.1491-100000@grignard.amagerkollegiet.dk>
Message-ID: <Pine.LNX.4.10.10110251158140.1018-100000@bob-n.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit



On Thu, 25 Oct 2001, [iso-8859-1] Rasmus Bøg Hansen wrote:

> I cannot reproduce this on RedHat Linux 7.0, apache 1.3.19.
> 
> GET / HTTP/1.0 \r\r\n
> 
> gives this log entry:
> 
> 194.182.238.30 - - [25/Oct/2001:07:54:01 +0200] "GET / HTTP/1.0 \r\r\n" 
> 200 510 "-" "-"
> 


I suspect you did what I did at first - copy and paste the literal text
from smiler's email into a browser or telnet session.  But that's not
right - even though it's what he said, it's not what he meant ;) - what
you need is to send "GET / HTTP/1.0 " followed by hex 13, whatever - which
his perl script does, though my system complains of a mis-formed header
when the script is run:


<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Request header field is missing colon separator.<P>
<PRE>
+0000] "GET /</PRE>
<P>
<HR>
<ADDRESS>Apache/1.3.14 Server at bob-n.com Port 80</ADDRESS>
</BODY></HTML>
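
Added example, not part of the original message or of smiler's script: a log check that tells the two cases in this thread apart, the typed characters backslash-r (as in the quoted log entry) versus a real carriage-return byte (0x0D, decimal 13) inside the request line. It assumes the server wrote the request bytes into the access log unescaped; the log records, addresses and function names below are constructed for illustration.

```python
import re

# Constructed sample: three access-log records separated by LF, as raw bytes.
# Record 2 holds the typed characters backslash-r (plain text, harmless);
# record 3 holds real CR bytes (0x0D) inside the request line.
SAMPLE_LOG = (
    b'192.0.2.10 - - [25/Oct/2001:07:53:58 +0200] "GET /index.html HTTP/1.0" 200 510 "-" "-"\n'
    b'192.0.2.10 - - [25/Oct/2001:07:54:01 +0200] "GET / HTTP/1.0 \\r\\r\\n" 200 510 "-" "-"\n'
    b'192.0.2.11 - - [25/Oct/2001:07:54:09 +0200] "GET / HTTP/1.0 \r\r" 200 510 "-" "-"\n'
)

# C0 control bytes except TAB and LF (LF is the record separator), plus DEL.
CONTROL = re.compile(rb'[\x00-\x08\x0b-\x1f\x7f]')


def visible(record: bytes) -> str:
    """Render a record so that no byte can move the cursor when it is displayed.

    Control bytes and the backslash itself become \\xNN, so typed text such as
    backslash-r can never be confused with an escaped raw byte.
    """
    return ''.join(
        chr(b) if 0x20 <= b < 0x7f and b != 0x5c else f'\\x{b:02x}'
        for b in record
    )


def find_control_bytes(raw: bytes):
    """Return (line number, offsets, escaped record) for records with raw control bytes."""
    findings = []
    for lineno, record in enumerate(raw.split(b'\n'), start=1):
        # A single trailing CR is only a CRLF line ending, not an embedded byte.
        if record.endswith(b'\r'):
            record = record[:-1]
        offsets = [m.start() for m in CONTROL.finditer(record)]
        if offsets:
            findings.append((lineno, offsets, visible(record)))
    return findings


if __name__ == '__main__':
    for lineno, offsets, shown in find_control_bytes(SAMPLE_LOG):
        print(f'line {lineno}: control bytes at offsets {offsets}')
        print(f'  {shown}')
```

The scan reads the log as bytes and splits on LF only, so a carriage return inside a record stays inside that record instead of being treated as a line break by the tool doing the reading.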






