[18419] in bugtraq
Using backspace in HTTP requests (Re: Securax Advisory 12)
daemon@ATHENA.MIT.EDU (Philip Stoev)
Wed Jan 3 17:38:48 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <00a201c075c8$761e4c60$0100a8c0@zara>
Date: Wed, 3 Jan 2001 23:02:17 +0200
Reply-To: Philip Stoev <philip@STOEV.ORG>
From: Philip Stoev <philip@STOEV.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As people noted in the past, this seems only applicable to server
administrators that use grep/tail/less/more/cat, etc. on their log
files. Obviously, they are not many.
However, this issue becomes somewhat of a problem if this log file is
run through a log analysis tool that preserves the backspace
characters and other garbage so that they appear in its output
reports. And there are people that will view this output using the
above-mentioned tools, even though they will not view the logs
themselves this way. An attacker with knowledge of the end output may
construct malformed HTTP requests that target its layout. I know at
least one log analysis tool that seems vulnerable to such a scenario.
Philip
www stoev org
- ----- Original Message -----
From: "incubus" <incubus@SECURAX.ORG>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Monday, January 01, 2001 4:51 PM
Subject: Securax Advisory 12
> Topic: Remote hiding from access_log and error_log
> Announced: 2000-12-28
> Affects: Logfile auditing with tools that print the contents of the
> file to the screen.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: www stoev org
iQA/AwUBOlN3OVi4DH/L1CReEQJrDwCcC6NTBE12gRkaxWCiV20M7ai4nrcAoI6G
RWY5V4Clvdbecehd1fjkiXzF
=/xsA
-----END PGP SIGNATURE-----
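
An added example, not part of the original message or of any tool it mentions: a Python filter that a log viewer or report generator could apply before display, so that backspaces and other control characters show up as visible escapes and the affected entries are flagged. The log format, the sample entries and all function names are constructed for illustration.

```python
import re

# C0 controls except tab, DEL, and C1 controls: bytes that can change what a
# terminal or pager shows without changing what is stored in the file.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")

def neutralize(line: str) -> str:
    """Replace each control character with a visible \\xNN escape."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)

def terminal_view(line: str) -> str:
    """Approximate what cat/tail show: backspace and CR move the cursor,
    and later characters overwrite what was already on the line."""
    cells, col = [], 0
    for ch in line:
        if ch == "\b":
            col = max(col - 1, 0)
        elif ch == "\r":
            col = 0
        else:
            if col < len(cells):
                cells[col] = ch
            else:
                cells.append(ch)
            col += 1
    return "".join(cells)

def audit(lines):
    """Return (line_number, neutralized_line) for entries with control chars."""
    hits = []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if CONTROL.search(line):
            hits.append((n, neutralize(line)))
    return hits

# Constructed sample entries (assumes the server writes request bytes verbatim).
PREFIX = '192.0.2.10 - - [01/Jan/2001:12:00:00 +0000] "GET '
SAMPLE = [
    PREFIX + '/index HTTP/1.0" 200 -\n',
    PREFIX + '/secret' + "\b" * 7 + '/index HTTP/1.0" 404 -\n',
]

if __name__ == "__main__":
    for n, safe in audit(SAMPLE):
        print("line %d on a terminal: %s" % (n, terminal_view(SAMPLE[n - 1].rstrip())))
        print("line %d neutralized:   %s" % (n, safe))
```

Applying `neutralize` at the point where a report is generated covers the case described in the message, where the report rather than the raw log is what gets viewed with `cat` or `less`.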