[Full-Disclosure] Interesting chunk in the middle of search overflow attempt



Bounced off the Apache server with no troubles (414) but this was somewhat new...

AKA: Analyze "this":

x90\x90\x90\x90\x90\x90=\"SERVER_ADMIN\" -->\">\xc0\xa5 \xb0\xfc\xb8\xae\xc0\xda</a>\xbf\x
a1\xb0\xd4 \xbf\xac\xb6\xf4\xc7\xcf\xbd\xc3\xb1\xe2 \xb9\xd9\xb6\xf8\xb4\xcf\xb4\xd9.\r\n-
---------ko--\r\n\r\nContent-language: nl\r\nContent-type: text/html; charset=ISO-8859-1\r
\nBody:----------nl--\r\nIndien u van oordeel bent dat deze server in fout is, gelieve\r\n
de <a href=\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" -->\">webmaster</a> te
contacteren.\r\n----------nl--\r\n\r\nContent-language: pl\r\nContent-type: text/html; ch
arset=ISO-8859-2\r\nBody:----------pl--\r\nJe\xb6li my\xb6lisz, \xbfe jest to b\xb3\xb1d t
ego serwera, skontaktuj si\xea z\r\n<a href=\"mailto:<!--#echo encoding=\"url\" var=\"SERV
ER_ADMIN\" -->\">administratorem</a>.\r\n----------pl--\r\n\r\nContent-language: pt-br\r\n
Content-type: text/html; charset=ISO-8859-1\r\nBody:-------pt-br--\r\nSe voc&ecirc; acredi
ta ter encontrado um problema no servidor,\r\npor favor entre em contato com o \r\n<a href
=\"mailto:<!--#echo encoding=\"url\" var=\"SERVER_ADMIN\" -->\">webmaster</a>.\r\n-------p
t-br--\r\n\r\nContent-language: ro\r\nContent-type: text/html; charset=ISO-8859-1\r\nBody:
----------ro--\r\nVa rugam sa il contactati pe\r\n<a href=\"mailto:<!--#echo encoding=\"ur
l\" var=\"SERVER_ADMIN\" -->\">webmaster</a>\r\nin cazul in care credeti ca aceasta este o
eroare a serverului.\r\n----------ro--\r\n\r\nContent-language: sv\r\nContent-type: text/
html; charset=ISO-8859-1\r\nBody:----------sv--\r\nOm du tror att detta beror p&aring; ett
serverfel, v&auml;nligen kontakta \r\n<a href=\"mailto:<!--#echo encoding=\"url\" var=\"S
ERVER_ADMIN\" -->\">webbansvarig</a>.\r\n----------sv--\r\n\r\nContent-language: tr\r\nCon
tent-type: text/html; charset=ISO-8859-9\r\nBody:----------tr--\r\nBunun bir sunucu hatas&
#305; oldu&#287;unu d\xfc&#351;\xfcn\xfcyorsan&#305;z, l\xfctfen\r\n<a href=\"mailto:<!--#
echo encoding=\"url\" var=\"SERVER_ADMIN\" -->\">site\r\ny\xf6neticisi</a> ile ileti&#351;
ime ge\xe7in.\r\n----------tr--\r\nx02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\
xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\xb1\\x02\\


-jim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html