Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: IBM HTTP SERVER / APACHE

Re: IBM HTTP SERVER / APACHE

From: . Hecix <hecix_at_HOTMAIL.COM>
Date: Fri, 2 Jun 2000 13:07:06 GMT

Number of '/'s = 230 with Apache 1.3.12 on NT4 SP5

Shows the webroot directory, but just doesn't seem to let you see contents
of subdirs. Shows 403 Forbidden

>-----Original Message-----
>From: H D Moore [mailto:hdm_at_SECUREAUSTIN.COM]
>Sent: Thursday, June 01, 2000 4:53 PM
>To: BUGTRAQ_at_SECURITYFOCUS.COM
>Subject: Re: IBM HTTP SERVER / APACHE
>
>
>Hi,
>
>I verified this on IBM_HTTP_SERVER/1.3.3 Apache/1.3.4-dev (Win32). The
>number of /'s needed were exactly the same number as Marek stated in his
>original email (211 being the key number to retrieve an index listing).
>Appended is an example perl script for finding _your_ magic number. Is
>this a bug merely in IBM HTTPD or Apache Win32 in general? Does IBM set
>some odd compile flag which triggers this bug in thier version? Anyone
>from the Apache group care to comment?
>
>-HD
>
>http://www.secureaustin.com (spidermap/nlog/etc)

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Received on Jun 02 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]