Hello!
I found interesting bug in 3.08b2 which is nice way for denial of
service. This is from web server's logfile:
193.189.160.250 - - [11/Jul/1998:20:30:43 +0200] "GET
/si//////si/ris98.html HTT
P/1.0" 404 174 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
(andrew@
contigo.com)"
193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET
/si//////si/ris98.html/ HT
TP/1.0" 404 175 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
(andrew
@contigo.com)"
193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////si/faq.html
HTTP/
1.0" 404 172 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
(andrew@co
ntigo.com)"
193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////si/faq.html/
HTTP
/1.0" 404 173 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
(andrew@c
ontigo.com)"
193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////www98.html
HTTP/1
.0" 404 171 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
(andrew@con
tigo.com)"
193.189.160.250 - - [11/Jul/1998:20:30:44 +0200] "GET /si//////www98.html/
HTTP/
1.0" 404 172 "http://www.ris.org/si//////deloris.html" "htdig/3.0.8b2
(andrew@co
ntigo.com)"
See lots of / in path? They just keep growing and filling things. Looks
like some bad url in html
made htdig loop.
Was this fixed in some patch already?
Thanks in advance.
Tomaz
p.s.
Thanks to Andrew for nice software.
----
Tomaz Borstnar <[EMAIL PROTECTED]>
"Love is the answer to the final question you ask" - Unknown
----------------------------------------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED] containing the single word "unsubscribe" in
the body of the message.
