> Hi, > > During a penentration test, I discovered that the BEA Weblogic Server > reveals it hostname (on windows machines NetBIOS name) while sending the > following request: > > GET . HTTP/1.0\r\n\r\n > > On older systems (Weblogic 7.0), a simple "BLAH . BLAH\r\n\r\n" will do > the same trick. BEA was contacted about two weeks ago, but I haven't > heard from them (yet). > > Regards, > Michael Reveals hostname: ./ .// .////////////// .%20 .%20%20 .. Does not reveal hostname: ... .a .1 .\ .%21 Seems that a single "." or a "." followed by a "special" character such as "/" or %20 (space) works. Don't know what other "special" characters work. Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/
