On Tue, Jan 15, 2008 at 06:41:57PM +0800, Eduardo Tongson wrote: [..] > <HTTP 1.1 without trailing slash> > --> HEAD /docs HTTP/1.1 > --> HOST: example.com > HTTP/1.1 301 Moved Permanently > Date: Tue, 15 Jan 2008 10:00:43 GMT > Server: Apache > Location: http://example.com/docs/ [..]
There is a possible XSS attack here. Put whatever you want in your Host: header. My bet is an old Apache version, more than a load balancer. You could also use SinFP[1] to fingerprint the target, and see what operating system is returned. [1] http://www.gomor.org/sinfp -- ^ ___ ___ http://www.GomoR.org/ <-+ | / __ |__/ Research Engineer | | \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- | +--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
