[Full-disclosure] HTTP 404 - Content-Type: image/gif
- From: "Joshua Tagnore" <joshua.tagnore@xxxxxxxxx>
- Date: Mon, 20 Nov 2006 13:00:00 -0300
Hi list !,
While performing a pentest I found the following:
mafo:/home/joshua/$ nc XXXXX 80 -v -v
GET http://www.XXXXXX.com/YYYYYY HTTP/1.0
HTTP/1.0 404 Not Found
Date: Fri, 17 Nov 2006 13:40:47 GMT
Content-Length: 0
Content-Type: image/gif
Server: Apache/2.0.54 (Unix)
The thing to notice here is the "Content-Type: image/gif" header
returned by the server. The requests that return this header are all
requests that dont end in .html ; for example
http://www.XXXXXX.com/f00.htmlwill return a normal header, but
http://XXXXXX.com/bar.txt will return a "Content-Type: image/gif". Does
anyone have a clue about this configuration ? What is it for ?
Cheers,
--
Joshua Tagnore
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Prev by Date: Re: [Full-disclosure] Patch tuesday debris
- Next by Date: Re: [Full-disclosure] HTTP 404 - Content-Type: image/gif
- Previous by thread: [Full-disclosure] [SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression
- Next by thread: Re: [Full-disclosure] HTTP 404 - Content-Type: image/gif
- Index(es):
