[21951] in bugtraq


Re: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS

daemon@ATHENA.MIT.EDU (Stephen Cope)
Fri Jul 27 23:04:49 2001

Date: Sat, 28 Jul 2001 11:49:30 +1200
From: Stephen Cope <mail-e-e4f9ad24cc1631d595@kimihia.org.nz>
To: bugtraq@securityfocus.com
Message-ID: <20010728114930.D24162@mess.kimihia.org.nz>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9B515520AA3CD411B36900508B6636B508F8C9B2@mi8nycmail02.mi8.com>; from brian.dinello@vigilantminds.com on Thu, Jul 26, 2001 at 11:55:16AM -0400

Brian Dinello wrote:
: Old news:  As the vulnerability's description describes, any user
: with a web browser can obtain directory listing of the Apache http
: root directory, even if the directory contains an index.html file and
: is password protected.  

$ lynx -head -dump http://server:8080/
HTTP/1.0 200 OK
Date: Fri, 27 Jul 2001 23:45:50 GMT
Server: Apache/1.3.20 (Unix) PHP/4.0.6

Using Matt Watchinski's 'Apache Overflow' script on the same server above
I get the result:

Found the magic number: 8171

Checking by hand, yes indeed, the directory listing is displayed.

Although I toyed around with it by hand, I wasn't able to get into any
password protected directories like this:

: Download an Arbitrary file:
: http://15.16.17.18////////////////////////////////////////////////////
: ////thisfile.txt

-- 
Stephen Cope - http://sdc.org.nz/
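
Added example, not part of the original post or of any tool it mentions: a log check that flags requests whose path contains an unusually long run of slashes, the request shape discussed in this thread. The threshold, the Common Log Format layout and the sample lines are assumptions constructed for illustration; percent-encoded slashes are counted as well, which is a detection choice rather than something the post describes.

```python
import re
from urllib.parse import unquote

# Assumed threshold: legitimate URLs rarely contain more than a few
# consecutive slashes; tune it against your own traffic.
SLASH_RUN_THRESHOLD = 16

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)

def longest_slash_run(path):
    """Length of the longest run of '/' in the path, after percent-decoding."""
    decoded = unquote(path.split("?", 1)[0])
    runs = re.findall(r"/+", decoded)
    return max((len(r) for r in runs), default=0)

def scan(lines, threshold=SLASH_RUN_THRESHOLD):
    """Return (host, status, run_length) for each request at or over the threshold."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable CLF line; skip rather than guess
        run = longest_slash_run(m.group("path"))
        if run >= threshold:
            hits.append((m.group("host"), int(m.group("status")), run))
    return hits

# Constructed sample log lines (not taken from the post).
SAMPLE = [
    '192.0.2.10 - - [27/Jul/2001:23:45:50 +0000] "GET / HTTP/1.0" 200 1024',
    '192.0.2.44 - - [27/Jul/2001:23:46:02 +0000] "GET ' + "/" * 4000 + ' HTTP/1.0" 200 2310',
    '192.0.2.44 - - [27/Jul/2001:23:46:09 +0000] "GET /docs//index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [27/Jul/2001:23:47:30 +0000] "GET /a' + "%2F" * 20 + 'b HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for host, status, run in scan(SAMPLE):
        note = "listing may have been served" if status == 200 else "not served"
        print(f"{host}: {run} consecutive slashes, status {status} ({note})")
```

A 200 response to a flagged request is the case to review first, since that is when the server answered the long-slash path with content.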
