Re: Apache http server 2.0

To: "Kim De Smaele" <kim.de.smaele@pandora.be>, <bugtraq@securityfocus.com>
Cc: <debian-security@lists.debian.org>
Subject: Re: Apache http server 2.0
From: "Justin [GHA]" <fanderatm@hotmail.com>
Date: Sat, 26 Apr 2003 15:53:34 -0700
Message-id: <[🔎] Law10-OE523s1wsXZZT000018b7@hotmail.com>
References: <[🔎] 20030426002031.GA31087@Kim>

I tried the following query and didn't experience anything odd.
http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22%2C.%2F%5C%5B%5D%2
F-%21%60%7E@%23%24%25%5E%3D%2B%28%29-%7B%7D%3C%3E%3B%3A%7C%27%22

The hex here is the string ,./\[]-!`~@#$%^=+()-{}<>;:| '"
Any combination of these characters will result in only the header of the
google search,a dn the copyright to be displayed.

I also tried queries such as "&#0;&#1;&#2;&#3;&#4;"  This returned the same
results.  Although, a query of "&#48;" returned appropriate results, "&#47;"
returned nothing again.  It is speculated that all characters with an ASCII
value of 0-47, excluding 42, will return nothing.

Further research is need, however, this may only be a bug, rather than
something that is exploitable.

http://search.yahoo.com/bin/search?p=%2C.%2F%5C%5B%5D-%21%60%7E@%23%24%25%5E
%3D%2B%28%29-%7B%7D%3C%3E%3B%3A%7C+%27%22&ei=UTF-8 also did not display
anything odd

-Justin
GHA - http://gha.bravepages.com



----- Original Message -----
From: "Kim De Smaele" <kim.de.smaele@pandora.be>
To: <bugtraq@securityfocus.com>
Cc: <debian-security@lists.debian.org>
Sent: Friday, April 25, 2003 5:20 PM
Subject: Apache http server 2.0


> Hi all,
>
> I experienced a very strange apache responce today in our production
> environment at work. A user in a discussion room a posting containing
> the following characters:
>
> ,,''
>
> This gave the result that several pages could not longer be displayed.
> I also tried this on search engine http://www.google.com which gave the
> same result. Nothing of results and not even the message "no results
> found..." could be display. If you even keep on refreshing you will
> notice that also the google logo will disappear.
> On our servers, we didn't notice anything in the logs.
>
> I have done a test with several browsers and I had every time the same
> result as described above:
>
> Internet Explorer
> Netscape (windows)
> Mozilla (Linux)
> Opera (Linux)
>
> Personally I'm not sure but I'm getting the idea that this might me
> exploitable. For example, executing code/commands after using the
> characters as mentioned above followed by the code or the commands in a
> search engine, discussion rooms,...
>
> Kind regards,
>
> Kim De Smaele
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
>

Reply to:

Follow-Ups:
- Re: Apache http server 2.0
  - From: Victor Calzado Mayo <vcalzado@cnio.es>

References:
- Apache http server 2.0
  - From: Kim De Smaele <kim.de.smaele@pandora.be>

Prev by Date: Re: Information in DSAs on necessary restarts due to library-security-updates
Next by Date: Re: Apache http server 2.0
Previous by thread: Apache http server 2.0
Next by thread: Re: Apache http server 2.0
Index(es):
- Date
- Thread