[X-Unix] Stopping the Webdav Exploit in Apache
Scott Haneda
scott at newgeo.com
Sat Mar 27 19:46:32 PST 2004
on 03/27/2004 07:32 PM, Eugene Lee at list-themacintoshguy at fsck.net wrote:
> :
> : For the life of me, I can not mimic this URI request, every attempt I make
> : to try to create a test case so I can see how to pattern match this with
> : SetEnvIfNoCase Request_URI yields a \\x02\\etc\\etc in my logs.
>
> Try this:
>
> $ curl -X SEARCH http://localhost/$'\x90\x02\xb1\x02\xb1'
>
> : Any idea whats going on here and how I can pattern match this?
>
> This is most likely the WebDAV buffer exploit for Windoze IIS.
>
> http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf
Thanks, that indeed works ::-)
Any idea what pattern I would match on and how in this case:
SetEnvIfNoCase Request_URI "MATCH HERE" msjunk
I just cant get it to work.
--
-------------------------------------------------------------
Scott Haneda Tel: 415.898.2602
http://www.newgeo.com Fax: 313.557.5052
scott at newgeo.com Novato, CA U.S.A.
More information about the X-Unix
mailing list