Subject: Re: [Snort-users] CGI Null Byte Attack
From: Vitaly McLain (twistahdatasurge.net)
Date: Mon Nov 20 2000 - 21:27:24 CST


In short, a "Poison NULL Byte Attack" is when an attacker appends a %00 to a
URL, in order to confuse a Perl script about where the end of input is (i.e.,
to get rid of a file extension to exploit an open() call, if that makes any
sense).

rain.forest.puppy described this (and other) attacks in one of his Phrack
articles (I believe it was Phrack #55). It should be either on
phrack.infonexus.com or RFP's site, www.wiretrip.net/rfp

Vitaly McLain
twistahdatasurge.net
twistah OPN & EfNet
"If you don't turn on to politics, politics will turn on you."
       - Ralph Nader

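
A detection-side sketch of the attack described in the message above, added here as an example and not part of the original post: it percent-decodes request targets from web access logs and flags any that contain a NUL byte, including double-encoded forms such as %2500. The log lines, the script name view.pl and the three-round decode limit are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Request target from a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: covers %00, %2500 and %252500

def inspect(target):
    """Return (rounds, prefix): how many percent-decoding rounds expose a NUL
    byte (0 if none) and the part of the target in front of it, which is all
    a NUL-terminated C string consumer such as open() would see."""
    data = target.encode("latin-1", "replace")
    for rounds in range(1, MAX_DECODE_ROUNDS + 1):
        decoded = unquote_to_bytes(data)
        if b"\x00" in decoded:
            prefix = decoded.split(b"\x00", 1)[0]
            return rounds, prefix.decode("latin-1")
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return 0, ""

def scan(lines):
    """Return (line_number, rounds, prefix) for each request carrying a NUL."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        rounds, prefix = inspect(match.group(1))
        if rounds:
            findings.append((number, rounds, prefix))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical script).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2000:21:00:01 -0600] "GET /cgi-bin/view.pl?page=news HTTP/1.0" 200 1432',
    '192.0.2.44 - - [20/Nov/2000:21:00:07 -0600] "GET /cgi-bin/view.pl?page=notes.txt%00 HTTP/1.0" 200 88',
    '192.0.2.44 - - [20/Nov/2000:21:00:09 -0600] "GET /cgi-bin/view.pl?page=notes.txt%2500 HTTP/1.0" 404 210',
    '192.0.2.77 - - [20/Nov/2000:21:00:15 -0600] "GET /img/100%25.gif HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, rounds, prefix in scan(SAMPLE_LOG):
        print(f"line {number}: NUL after {rounds} decode round(s); C-level view: {prefix}")
```

The same decode-then-reject check belongs in the CGI script's input validation, so a parameter containing a NUL byte never reaches a file-open call.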