Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Securax Advisory 12 (Using backspace in HTTP requests)
From: Philip Stoev <philip () STOEV ORG>
Date: Thu, 4 Jan 2001 00:17:13 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: "Alex Muntada" <alexm () AC UPC ES>
Sent: Wednesday, January 03, 2001 1:22 PM
Subject: Re: Securax Advisory 12


Tested Apache 1.3.14 (source compiled httpd) and it still accepts
control chars in HTTP requests, but it shouldn't as pointed by
Henrik Nordstrom.

What is more, Apache will accept backspace characters in the username
supplied via HTTP Authentication (I tested Apache 1.3.12 Win32 and
Basic Auth). If a site is requires such authentication, the username
with the backspace characters will make its way to both access_log
and error_log (since it is not a valid one, unless it has been
created by the attacker previously). If the site does not require
such authentication, the username will not be recorded, even if it
has been supplied.

Philip

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: www stoev org

iQA/AwUBOlOIyFi4DH/L1CReEQLqDQCeJ2GymmJB5O2jmxsQPdbxaL1wlpAAnjoi
A9fGhVvSMh2S1/LWvJVGwZec
=ZMPM
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault