Full Disclosure: Re: IPS Evasion with the Apache HTTP Server

Re: IPS Evasion with the Apache HTTP Server

From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
Date: Wed, 20 Jun 2007 16:21:27 +0400

Dear H D Moore,

--Tuesday, June 19, 2007, 11:20:41 PM, you wrote to full-disclosure_at_lists.grok.org.uk:

HDM> $ echo -ne "\r\n\r\n\r\n\r\n\r\n /buggy.php HTTP/1.0\r\n\r\n" | \
HDM> nc webserver 80

According to the recommendations of RFC 2616, section 4.1, a web server or
proxy server should ignore \r\n before a request, for compatibility with
odd clients sending a trailing \r\n with POST requests via keep-alive
connections:

   In the interest of robustness, servers SHOULD ignore any empty
   line(s) received where a Request-Line is expected. In other words, if
   the server is reading the protocol stream at the beginning of a
   message and receives a CRLF first, it should ignore the CRLF.

$ echo -ne " /buggy.php HTTP/1.0\r\n\r\n" | nc webserver 80

does the same job. This problem (unsupported request method) was already
reported by Michal Majchrowicz; see

http://securityvulns.com/Qdocument846.html

-- 
~/ZARAZA http://securityvulns.com/
Electric shocks are very useful for building character. (Lem)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jun 20 2007
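The two request shapes quoted in this thread (leading empty lines before the Request-Line, and a Request-Line whose method field is empty) are exactly the cases where an inspection device that parses more strictly than the server loses track of what the server will actually execute. The following Python is an added illustration written for this archive page; it is not code from the thread, from Apache, or from any IPS product. It parses the request head the way RFC 2616 section 4.1 tells a server to (skipping empty lines ahead of the Request-Line) and then reports findings a monitor should alert on: that empty lines were skipped, and that the method is not a valid RFC 2616 token (an empty method fails that check). The sample requests are constructed from the two `echo` commands in the thread plus one ordinary request; `example.test` is a placeholder host.

```python
import re

# RFC 2616 "token": one or more CHARs excluding CTLs and separators.
# An empty method field is not a token, so " /buggy.php HTTP/1.0" fails here.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
VERSION_RE = re.compile(r"^HTTP/\d+\.\d+$")

# Constructed samples: the two request shapes from the thread and a normal one.
NORMAL = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
LEADING_CRLF = b"\r\n\r\n\r\n\r\n\r\n /buggy.php HTTP/1.0\r\n\r\n"   # HDM's variant
SPACE_METHOD = b" /buggy.php HTTP/1.0\r\n\r\n"                       # 3APA3A's variant


def skip_leading_empty_lines(raw: bytes):
    """Drop CRLF (or bare LF) lines that precede the Request-Line, as
    RFC 2616 section 4.1 says a server SHOULD.
    Returns (remaining_bytes, number_of_lines_skipped)."""
    skipped = 0
    while True:
        if raw.startswith(b"\r\n"):
            raw, skipped = raw[2:], skipped + 1
        elif raw.startswith(b"\n"):
            raw, skipped = raw[1:], skipped + 1
        else:
            return raw, skipped


def parse_request_line(raw: bytes) -> dict:
    """Parse the Request-Line with the same leading-CRLF tolerance a server
    applies, and list what an inspection device should flag.

    Findings (in order of detection):
      leading-empty-lines    -- empty lines were skipped before the Request-Line
      malformed-request-line -- not exactly three space-separated fields
      invalid-method         -- method is empty or not an RFC 2616 token
      bad-version            -- version field is not HTTP/x.y
    """
    body, skipped = skip_leading_empty_lines(raw)
    first_line = body.split(b"\n", 1)[0].rstrip(b"\r")
    parts = first_line.split(b" ")
    findings = []
    if skipped:
        findings.append("leading-empty-lines")
    if len(parts) != 3:
        findings.append("malformed-request-line")
        return {"method": None, "target": None, "version": None,
                "skipped_lines": skipped, "findings": findings}
    method, target, version = (p.decode("latin-1") for p in parts)
    if not TOKEN_RE.match(method):
        findings.append("invalid-method")
    if not VERSION_RE.match(version):
        findings.append("bad-version")
    return {"method": method, "target": target, "version": version,
            "skipped_lines": skipped, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("normal", NORMAL),
                          ("leading CRLF", LEADING_CRLF),
                          ("space method", SPACE_METHOD)):
        print(label, parse_request_line(sample))
```

The point of mirroring the server's tolerance rather than rejecting the stream is that a monitor which stops at the first blank line simply never sees the Request-Line and therefore never evaluates its signatures; the defensive choice is to normalize the same way the server does and then alert on the oddities (skipped lines, non-token method) instead of silently dropping the request.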