url suffix question
Peter L. Peres
plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org
Mon Oct 27 23:06:17 UTC 2003
On Mon, 27 Oct 2003, Stephen Allen wrote:
> Has anyone seen a requested url in their web server logs that ends with a " ."?
> That's a space and a period. I cannot seeing it being a mistype as it was logged
> several times.
>
> Is this an attempt at an exploit of some kind?
It could be an exploit if given to a script (cgi). . represents the
current working directory. Depending on what the server does it might pass
. as an argument to the script. This may or may not cause trouble.
Otoh, it has happened to me to cut & paste a url from text complete with
ending dot, which was offset by a space from the url text (and sometimes
not offset).
Peter
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list