Re: [security-elvandar] "access_log?hello" ?

From: Remko Lodder (remko_at_elvandar.org)
Date: 07/27/03

  • Next message: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
    Date: Sun, 27 Jul 2003 20:36:51 +0200
    To: Christine Kronberg <Christine_Kronberg@genua.de>
    
    

    Hi,

    I dont recognise this as a particular script that is running against
    your host.
    Although it could be a custom made script that just sends a lot of
    characters (or a lot of hello's)
    to your host, trying to overflow it.

    My best guess is that it's the overflow option,
    But i am interested now.. so when anyone else has a opinion...

    Cheers

    Kind regards,

    Remko Lodder

    Christine Kronberg wrote:

    > Hi,
    >
    >
    > Checking the logfiles of my private webserver this morning I
    > see the following entries.
    > It looks lile some playchild tried an buffer overflow but I
    > don't remember seeing anything connected to access_log files.
    > Google didn't help. Has anyone else this kind of requests?
    > Or an idea what the result of this request should be?
    >
    >12.221.111.178 - - [25/Jul/2003:12:40:29 +0200] "HEAD
    >/logs/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello
    >HTTP/1.0" 404 -
    >12.221.111.178 - - [25/Jul/2003:12:40:29 +0200] "HEAD
    >/logs/active/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello
    >HTTP/1.0" 404 -
    >12.221.111.178 - - [25/Jul/2003:12:40:30 +0200] "HEAD
    >/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello
    >HTTP/1.0" 404 -
    >
    > Cheers,
    >
    >
    > Chris Kronberg.
    >
    >
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"