|
|
|
Anti-IDS
techniques.
|
|
This is an
Apache 1.3.x log. Cannot use AppShield’s logs because the request is made
canonical, and logged as such. So almost all the above requests are converted
to /cgi-bin/
|
|
/cgi-bin/ -
regular
|
|
HEAD /cgi-bin/ -
using HEAD instead of GET (not useful here, as this is a directory)
|
|
/foobar/../cgi-bin/
- use naive ..
|
|
cgi-bin – bad
URL (not starting with /)
|
|
//////////////cgi-bin/
|
|
/foobar/%2e%2e/cgi-bin/
- .. URL encoded
|
|
/./././././././cgi-bin/
|
|
/./././././././cgi-bi%6E/
- “n” URL encoded
|
|
/%252e/cgi-bin/
- “.” double encoded
|
|
/%c0%ae/cgi-bin/
- “.” overlong UTF-8 representation
|
|
|
