Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: extra long URL attack
From: sam () serve com (Sam Schlansky)
Date: Sat, 11 Jan 1997 12:27:01 -0500

This doesn't seem to work with Apache 1.1.1 on my Linux 2.0.27 box or NCSA
httpd 1.5.2 on Digital UNIX v3.2 41 alpha.

Maybe its just the apache SSL extensions somehow?

I tried using Netscape 3.01 both ELF and Win32, lynx 2.5 (linux), lynx 2.6
(Digital unix) and MS Internet Explorer on NT.

Sam

At 10:43 PM 1/10/97 -0800, strick -- henry strickland wrote:

I don't know about CGI attacks, but this extra long URL to
my site running
       Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1.
will show you the raw contents of the top directory
rather than the /index.html file (using Netscape Navigator 3.0 solaris
for a browser).

i've always wondered how safe it was to count on nobody seeing
past your index.html -- now i know.  I wonder if some varient
will get you the root directory of my entire filesystem instead
of just the top directory of my web.  I knew I should have
chrooted this stuff....

szia, strick

--

// Sam Schlansky
// sam () serve com
// http://b52-90.datanet.nyu.edu/sam
// PGP Key ID: 0x63A9D707

PGP Public key available upon request and at webpage.

  By Date           By Thread  

Current thread:
  • Re: extra long URL attack Sam Schlansky (Jan 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]