Home page logo
/

bugtraq logo Bugtraq mailing list archives

Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
From: "SDL Office" <bugtraq () sentry-labs com>
Date: Sun, 24 Jun 2001 22:08:42 +0200

I really noticed many people (not only small servers, also some realyl big
 ones who should know better) are still running vulnerable verions of Apache
 and noticed some things I disliked when testing this exploit, so I rewrote
a
 lot of it's code. Now it will also work if executed from a Windows box. I
 also made it much esaier to use. I hope you, who are intreted in testing
 this issue, will enjoy it. File is attached.

 Here is a change log:

 - help added (more user firendly :-) )
 - messages added
 - exploit is now able to be executed on WinNT or 2k.
 - uses perl version of BSD sockets (compatible to Windows)

 Siberian
 (www.sentry-labs.com)

 P.S.: Yes, I really got too much free time :-P. Took about 30 min. to
 rewrite.

 ----- Original Message -----
 From: Matt Watchinski <matt () farm9 com>
 To: <bugtraq () securityfocus com>
 Sent: Wednesday, June 13, 2001 9:44 AM
 Subject: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory
 Listing Exploit


#!/usr/bin/perl
 [snip]
# Name: Apache Artificially Long Slash Path Directory Listing Exploit
# Author: Matt Watchinski
# Ref: SecurityFocus BID 2503
[snip]


Attachment: apache2.pl
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]