Network Security: Detailed info on Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulne

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulne

from [Richard Moore] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
Date:	Tue, 24 Apr 2007 12:40:44 +0100

KJKHyperion wrote:

Michal Majchrowicz wrote:

In this case I agree this is a solution. If Apache wouldn't accept any 
'separators' then XSS (and other stuff) wouldn't be possible at all. Is 
there anywhere described which chars can be used in protocol "field"?

There is no "flaw".


I agree, the only genuine hole here is that the script is printing
untrusted input without quoting it.

Lots cut here, but to add another example to your list of ways the
real parser differs from the grammar:

GET / HT

is accepted as a valid request by Apache too :-)

Cheers

Rich.

-- 
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Richard Moore Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz Message not available Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Richard Moore Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz Message not available Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, KJKHyperion Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Richard Moore <= Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Kradorex Xeron Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Kradorex Xeron Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Kradorex Xeron Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Guasconi Vincent

Previous by Date:	Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, KJKHyperion
Next by Date:	[Full-disclosure] Linksys SPA941 remote DOS with \377 character, Radu State
Previous by Thread:	Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, KJKHyperion
Next by Thread:	Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Kradorex Xeron
Indexes:	[Date] [Thread] [Top] [All Lists]