[wplug] odd looking entries in httpd-access.log

Bill Moran wmoran at potentialtech.com
Sat Jun 10 18:19:25 EDT 2006

"Daniel McQuay" <simplebob at gmail.com> wrote:

> Hello List,
> I was just going through some log files and ran across some weird entries in
> my httpd-access.log.
> - - [04/Jun/2006:14:50:13 -0400] "SEARCH
> /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
> \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
> for this email i left out several lines of this but has any one ever seen
> this sort of thing before? I suspect that it's some sort of exploit.

It's an attempt to exploit a buffer overflow.  I'm not sure which one, but
I'm certain a few searches will turn up some exact details.

Bill Moran

Not as deceiving as a low down dirty... deceiver.

	Jayne Cobb

More information about the wplug mailing list