soup4you2
March 23rd, 2004, 14:34
found this search string in a buddy of mine's log files... was hoping somebody here could tell me more about it...
preferably a link or something that explains what exploit this possibly is..
SEARCH /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AA
bsdjunkie
March 23rd, 2004, 14:52
Never seen this b4. Was this in a web log or something else?
Atlas
March 23rd, 2004, 15:16
Just looks like a buffer-overflow attempt at first glance.
soup4you2
March 23rd, 2004, 16:21
it's from an IIS webserver log... it indeed does look like a buffer overflow.. the only thing close i've been able to dig up is an old curl overflow.. but the string is different.. so that's not it..
soup4you2
March 23rd, 2004, 16:40
here's another for you.. i've been getting these all day...
[code:1:1f35f2e311]
HTTP/1.1 406 Not Acceptable
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
========================================
Request: XXX.XXX.XXX.XXX0 - - [Tue Mar 23 15:01:00 2004] "POST / HTTP/1.1" 406 259
Handler: (null)
Error: mod_security: Access denied with code 406. Pattern match "^$" at HEADER.
----------------------------------------
POST / HTTP/1.1
Content-Length: 7836
Content-Type: application/x-www-form-urlencoded
Host: bsdhound.com
mod_security-message: Access denied with code 406. Pattern match "^$" at HEADER.
mod_security-action: 406
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF01
23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF01
23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF01
23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF01
23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF01
23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF01
23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 456789ABCDEF0123456789ABCDEF0123456789ABCD
EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01 23456789ABCDEF0123456789ABCDEF0123456789AB
CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF0123456789
ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCD EF0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789AB CDEF0123456789ABCDEF0123456789ABCDEF012345
6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789ABCDEF0123456789ABCDEF0123
456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345 6789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 ABCDEF0123456789AB
[/code:1:1f35f2e311]
soup4you2
March 24th, 2004, 15:30
for those interested the top search string was an Oracle box doing what it's good at... "Messing up"
bsdjunkie
March 24th, 2004, 16:36
hehe, I still haven't found anything on the other string yet either, Though I'm sure you can google as well as I :P Will ask around though....
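
Added example, not part of any post in this thread: a small Python triage helper that flags the two shapes of request quoted above, a URI padded with a long run of one character and a request body that is one short pattern repeated. The sample requests, thresholds and function names are constructed assumptions, not the posters' data or any tool's API.

```python
import re

# Constructed sample requests (method, URI, body) modelled on the two shapes
# quoted in the thread; lengths and values are assumptions, not the real logs.
SAMPLE_REQUESTS = [
    ("SEARCH", "/" + "A" * 300 + "xyz", ""),
    ("POST", "/", "0123456789ABCDEF" * 40),
    ("GET", "/index.html", ""),
    ("POST", "/login", "user=alice&next=%2Fhome"),
]


def longest_run(text):
    """Length of the longest run of a single repeated character."""
    best = 0
    for match in re.finditer(r"(.)\1*", text, re.DOTALL):
        best = max(best, len(match.group(0)))
    return best


def shortest_period(text, max_period=64):
    """Smallest p <= max_period with text[i] == text[i - p] throughout, else 0."""
    for p in range(1, min(max_period, len(text) // 2) + 1):
        if all(text[i] == text[i - p] for i in range(p, len(text))):
            return p
    return 0


def classify(uri, body, run_limit=64, min_body=128):
    """Return the reasons a request looks like padding or filler."""
    reasons = []
    if longest_run(uri) >= run_limit:
        reasons.append("uri-padding")
    if len(body) >= min_body and shortest_period(body):
        reasons.append("cyclic-body")
    return reasons


def flag(requests):
    """Keep only requests with at least one reason, for analyst review."""
    results = [(method, classify(uri, body)) for method, uri, body in requests]
    return [(method, reasons) for method, reasons in results if reasons]


if __name__ == "__main__":
    for method, reasons in flag(SAMPLE_REQUESTS):
        print(method, reasons)
```

A hit only marks a request for review; as the thread itself shows, the sender can turn out to be misbehaving software.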