Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
222
Views
0
Helpful
1
Replies

Problems with sig 5307 - Mercantec Softcart Overflow

DSmirnov
Level 1
Level 1

‎11-04-2004 11:28 AM - edited ‎03-09-2019 09:20 AM

Looks like this one is looking for SoftCart.exe in HTTP request but doesn't pay attention if it is GET field or other field (e.g Referer:).

For example will react on payload below:

Payload: peg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* Referer: http://www.latoys.com/cgi-bin/SoftCart.exe/lego/lego_dinosaurs.html?E+scstore Accept-Language: en-ca Connection: Keep-Alive

Labels:
0 Helpful
1 Reply 1

craiwill
Cisco Employee
Cisco Employee

‎11-05-2004 07:22 AM

5307 is searching in the URI field for a request to /cgi-bin/softcart.exe with total request length over 500. The URI field in service.http is defined as anything from the GET to the next CRLF. This prevents the situation you are describing since the get is terminated by a CRLF.

0 Helpful
Customers Also Viewed These Support Documents