[15170] in bugtraq
Re: IBM HTTP SERVER / APACHE
daemon@ATHENA.MIT.EDU (. Hecix)
Fri Jun 2 16:48:03 2000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-Id: <20000602130706.74583.qmail@hotmail.com>
Date: Fri, 2 Jun 2000 13:07:06 GMT
Reply-To: ". Hecix" <hecix@HOTMAIL.COM>
From: ". Hecix" <hecix@HOTMAIL.COM>
X-To: BUGTRAQ@SecurityFocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Number of '/'s = 230 with Apache 1.3.12 on NT4 SP5
Shows the webroot directory, but just doesn't seem to let you see contents
of subdirs. Shows 403 Forbidden
>-----Original Message-----
>From: H D Moore [mailto:hdm@SECUREAUSTIN.COM]
>Sent: Thursday, June 01, 2000 4:53 PM
>To: BUGTRAQ@SECURITYFOCUS.COM
>Subject: Re: IBM HTTP SERVER / APACHE
>
>
>Hi,
>
>I verified this on IBM_HTTP_SERVER/1.3.3 Apache/1.3.4-dev (Win32). The
>number of /'s needed were exactly the same number as Marek stated in his
>original email (211 being the key number to retrieve an index listing).
>Appended is an example perl script for finding _your_ magic number. Is
>this a bug merely in IBM HTTPD or Apache Win32 in general? Does IBM set
>some odd compile flag which triggers this bug in thier version? Anyone
>from the Apache group care to comment?
>
>-HD
>
>http://www.secureaustin.com (spidermap/nlog/etc)
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
