Here's the log file entry:
- Code: Select all
[Sun Sep 01 19:21:48.963969 2019] [http:error] [pid 12596:tid 2112] [client 127.0.0.1:52147] AH02429: Response header name '<!--' contains invalid characters, aborting request, referer: http://localhost:8080/dev/Site1/genSpinCow.html
And here's the referenced file:
- Code: Select all
<html>
<head>
<title>Spinning Cow with Randomly Generated Colors and Flashes</title>
</head>
<body>
<a href="../../cgi-bin/CGIRand.cgi">CGI</a>
</form>
</body>
</html>
And here's the CGI script (python):
- Code: Select all
#!"E:/computer stuff/python/python.exe"
from imgShimmerGenerate import *
import cgi
import cgitb
cgitb.enable()
def transformToPrint(str):
return "print(\"" + str + "\")\n"
originalTextFile = open("SpinningCowFramework.html", "r")
cgiText = ""
f = originalTextFile.readlines()
for x in f:
cgiText += transformToPrint(x.rstrip().replace("\"", "\\\""))
ranArray = generateRandomIMGShimmer(200, 7).split('\n')
for line in ranArray:
#print(line)
cgiText += transformToPrint(line)
cgiText += transformToPrint("}")
firstColorString = "RGB(" + str(random.randint(0,255)) + ", " + str(random.randint(0,255)) + ", " + str(random.randint(0,255)) + ")"
secondColorString = "RGB(" + str(random.randint(0,255)) + ", " + str(random.randint(0,255)) + ", " + str(random.randint(0,255)) + ")"
cgiText += transformToPrint("@keyframes backgroundColorChange{0%{background-color: " + firstColorString + "}") + transformToPrint("50%{background-color: " + secondColorString + "}") + transformToPrint("100%{backgroundcolor: " + firstColorString + "}") + transformToPrint("}")
cgiText += transformToPrint("</style></head><body><a href=\\\"http://www.starrandco.zenfolio.com\\\"><img src=\\\"hiCows.jpg\\\"></a></body></html>")
#################
print("Content-type: text/html\r\n\r")
print(cgiText)
#################
#print(cgiText.split("<!--")[0])
#print(cgiText.split("<!--")[1])
#print(cgiText.split("<!--")[2])
#cgiArray = cgiText.split("<!--sub-->")
# @keyframes backgroundColorChange{
# 0%{background-color: #D5D2FD;}
# 50%{background-color: #FAFDD2;}
# 100%{background-color: #D5D2FD;}
# }
So, I don't know which file it's complaining about, what is wrong with the header in that file that I don't know the identity of, but if I did know those two things, I would be able to fix it! Actually if I just knew which file it was complaining about I'd be able to fix the header probably no problem.
Mostly I am confused because none of my files have a header with "<!--"
FYI: https://blog.tigertech.net/posts/apache-cve-2016-8743/
Michael
--------------------------
Update:
I removed
- Code: Select all
#print(cgiText.split("<!--")[0])
#print(cgiText.split("<!--")[1])
#print(cgiText.split("<!--")[2])
#cgiArray = cgiText.split("<!--sub-->")
# @keyframes backgroundColorChange{
# 0%{background-color: #D5D2FD;}
# 50%{background-color: #FAFDD2;}
# 100%{background-color: #D5D2FD;}
# }
from CGIRand.cgi and it still doesn't work (as that was the only place I saw "<!--"). I tried changing the slashes in the python header to / or \, neither work. And I double checked that "Content-type: text/html\n\n" is the correct CGI header for an HTML doc.