
Re: Apache http server 2.0



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi
On Sunday 27 April 2003 00:53, Justin [GHA] wrote:
> I tried the following query and didn't experience anything odd.
> http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22%2C.%2F%5C%5B%5D%2F-%21%60%7E@%23%24%25%5E%3D%2B%28%29-%7B%7D%3C%3E%3B%3A%7C%27%22
>
> The hex here is the string ,./\[]-!`~@#$%^=+()-{}<>;:| '"
> Any combination of these characters will result in only the header of the
> google search, and the copyright, being displayed.

Probably I'm missing something, but Google's behavior seems normal to me and very 
secure too.

Google's CGI parses out any special character that it receives and only takes care 
of the alphanumeric queries; try an empty query in Google and you will get 
exactly the same page that your query gets, add "potato" to your query string 
and you get the results for the "potato" search.  

The final result is that Google's CGI doesn't let you feed it with any special 
character.


>
> I also tried queries such as "&#0;&#1;&#2;&#3;&#4;"  This returned the same
> results.  Although, a query of "&#48;" returned appropriate results,
> "&#47;" returned nothing again.  It is speculated that all characters with
> an ASCII value of 0-47, excluding 42, will return nothing.
>
> Further research is needed; however, this may only be a bug rather than
> something that is exploitable.

I think that Google's CGI does exactly what Google's people expect.
:))

>
> http://search.yahoo.com/bin/search?p=%2C.%2F%5C%5B%5D-%21%60%7E@%23%24%25%5E%3D%2B%28%29-%7B%7D%3C%3E%3B%3A%7C+%27%22&ei=UTF-8
> also did not display anything odd

Yahoo did not parse out anything, but as you say there's nothing "wrong" with 
the results page.

>
> -Justin
> GHA - http://gha.bravepages.com
>
>
>
> ----- Original Message -----
> From: "Kim De Smaele" <kim.de.smaele@pandora.be>
> To: <bugtraq@securityfocus.com>
> Cc: <debian-security@lists.debian.org>
> Sent: Friday, April 25, 2003 5:20 PM
> Subject: Apache http server 2.0
>
> > Hi all,
> >
> > I experienced a very strange apache response today in our production
> > environment at work. A user in a discussion room made a posting containing
> > the following characters:
> >
> > ,,''
> >
> > This gave the result that several pages could no longer be displayed.
> > I also tried this on search engine http://www.google.com which gave the
> > same result. Nothing of results and not even the message "no results
> > found..." could be displayed. If you even keep on refreshing you will
> > notice that also the google logo will disappear.
> > On our servers, we didn't notice anything in the logs.
> >
> > I have done a test with several browsers and I had every time the same
> > result as described above:
> >
> > Internet Explorer
> > Netscape (windows)
> > Mozilla (Linux)
> > Opera (Linux)
> >
> > Personally I'm not sure but I'm getting the idea that this might be
> > exploitable. For example, executing code/commands after using the
> > characters as mentioned above followed by the code or the commands in a
> > search engine, discussion rooms,...
> >
> > Kind regards,
> >
> > Kim De Smaele
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org

- -- 
April
One of the worst months for going around dragging the world into absurd wars.
The rest of the months of the same kind are: January, February, March, May, June, 
July, August, September, October, November and December. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+rOMqEzqHF8R72ekRApXyAJ9ffPsxEwj2HZxoAW1ppjiV9mX1RgCggjC0
wgbmsn/jcporNM6a1BhZ7Mc=
=xXdy
-----END PGP SIGNATURE-----
